Skip to content

client: add password-stdin flag with U2F enforcement #256

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BetaFold3 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

client: add password-stdin flag with U2F enforcement #256

BetaFold3 wants to merge 1 commit into from

Conversation

@BetaFold3
Copy link
Contributor

@BetaFold3 BetaFold3 commented Dec 12, 2024

Add --password-stdin flag to enable secure automation workflows while maintaining strong 2FA requirements:

  • Support providing password from stdin along with existing interactive prompt
  • Enforce U2F as second factor
  • Automatically disable TOTP and VIPAccess when using stdin
  • Add tests for new functionality

Example usage with various password managers:

$ op read "op://vault-name/item-name/password" | keymaster --password-stdin -configHost ${CONFIGHOST}
$ bw get password item-id | keymaster --password-stdin -configHost ${CONFIGHOST}
$ lpass show --password item-name | keymaster --password-stdin -configHost ${CONFIGHOST}

This approach ensures physical security token presence while enabling automation.

@BetaFold3
client: add password-stdin flag with U2F enforcement
48b248e 
Add --password-stdin flag to read password from stdin while enforcing U2F
as second factor. This maintains security by requiring physical key presence
while enabling automation workflows.
@BetaFold3 BetaFold3 mentioned this pull request Dec 12, 2024
Open
@BetaFold3
Copy link
Contributor Author

BetaFold3 commented Dec 12, 2024

Note: The GitHub Actions failures appear to be CI infrastructure related rather than code issues. All tests pass locally. Would appreciate a re-run of the checks when possible.

@BetaFold3
Copy link
Contributor Author

BetaFold3 commented Jan 21, 2025

@rgooch @cviecco Friendly ping! Just checking if there's any feedback on this PR or if you'd like me to make any adjustments to the approach?

The CI failures from last time appear to be infrastructure-related as all tests pass locally. Happy to address any concerns or suggestions you might have.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BetaFold3