@gabrielfeo
Last active February 20, 2025 17:06
Have gpg fetch key password using 1Password CLI
#!/usr/bin/env bash
# Have gpg fetch key password using 1Password CLI.
#
# 1. Add to ~/.gnupg/gpg-agent.conf:
#
# pinentry-program <path to this file>
#
# 2. Export OP_GPG_PASSWORD_ENTRY_<key-id>=<key-password-reference> variables in the
#    environment gpg-agent is started from:
#
# export OP_GPG_PASSWORD_ENTRY_22129EAMD723DCC8=op://Employee/asklnfnf234njndsf9asd09asd/password
# export OP_GPG_PASSWORD_ENTRY_34532D9A9ASKMNC3=op://Employee/q9wardafja8s9f8sdfshdfhsfd/password
#
# You may have to kill the agent for it to take effect:
#
# gpg-connect-agent killagent
#
# If you ever want to change this file, export PINENTRY_OP_LOG_FILE=<some-path> to see how gpg runs it
# (the default is ~/.gnupg/pinentry-op.log).
#
# Derived from https://gist.github.com/wmudge/422660bcb3dbd767ad4219a5d471ea38
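: "${PINENTRY_OP_LOG_FILE:=$HOME/.gnupg/pinentry-op.log}"

function log {
  # Only commands, key IDs and op:// references are logged, never the passphrase.
  echo "[pinentry-op] $*" >> "$PINENTRY_OP_LOG_FILE"
}

# Greet the agent, then answer one Assuan command per line.
echo "OK"
while read -r cmd val; do
  log "$cmd $val"
  case "$cmd" in
    \#*)
      ;;
    SETDESC)
      # The prompt text sent by gpg-agent contains "ID <key-id>"; use it to pick the reference.
      key_id="$(echo "$val" | sed -E 's/.*ID ([A-Z0-9]+).*/\1/')"
      key_var="OP_GPG_PASSWORD_ENTRY_$key_id"
      OP_GPG_PASSWORD_ENTRY_CURRENT=""
      # Indirect expansion aborts on an invalid variable name, so only look up plausible key IDs.
      if [[ "$key_id" =~ ^[A-Z0-9]+$ ]]; then
        OP_GPG_PASSWORD_ENTRY_CURRENT="${!key_var}"
      fi
      log "Detected key ID $key_id, var $key_var (value $OP_GPG_PASSWORD_ENTRY_CURRENT)"
      ;;
    GETPIN)
      log "Executing 'op read $OP_GPG_PASSWORD_ENTRY_CURRENT'"
      if [[ -n "$OP_GPG_PASSWORD_ENTRY_CURRENT" ]] && pin="$(op read "$OP_GPG_PASSWORD_ENTRY_CURRENT")"; then
        # Assuan data lines must percent-escape '%', CR and LF.
        pin=${pin//\%/%25}
        pin=${pin//$'\r'/%0D}
        pin=${pin//$'\n'/%0A}
        echo "D $pin"
      else
        # No reference for this key, or op failed: cancel instead of sending an empty passphrase.
        log "No passphrase available for key ID $key_id"
        echo "ERR 83886179 Operation cancelled"
        continue
      fi
      ;;
    SETERROR)
      # gpg-agent sends SETERROR after a passphrase was rejected.
      echo "ERR 31 Invalid passphrase"
      ;;
    BYE)
      exit 0
      ;;
    *)
      echo
      ;;
  esac
  echo "OK"
done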
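
To check a modified copy of the script without touching a real vault, this added example (not part of the gist) replays the agent's side of one passphrase request against a pinentry program, with a fake `op` first on `PATH`. The function names, the SETDESC wording and the `op://Constructed/...` reference are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the gist: replay gpg-agent's side of one
# passphrase request against a pinentry program, with a fake `op` on PATH.

# Percent-escape a secret for an Assuan "D" line: % -> %25, CR -> %0D, LF -> %0A.
assuan_escape() {
  printf '%s' "$1" | awk '{
    gsub(/%/, "%25"); gsub(/\r/, "%0D")
    printf "%s%s", (NR > 1 ? "%0A" : ""), $0
  }'
}

# Write a fake `op` into directory $1 that prints secret $2 for `op read <ref>`.
make_stub_op() {
  printf '%s' "$2" > "$1/secret"
  cat > "$1/op" <<EOF
#!/bin/sh
[ "\$1" = read ] && [ -n "\$2" ] || exit 2
cat "$1/secret"
EOF
  chmod +x "$1/op"
}

# Send SETDESC, GETPIN and BYE for key ID $2 to pinentry program $1 and print
# the payload of its D line. The SETDESC text is constructed; the gist's sed
# only needs the "ID <key-id>" part.
ask_pin() {
  printf '%s\n' \
    "SETDESC Please enter the passphrase to unlock the OpenPGP secret key:%0A255-bit EDDSA key, ID $2,%0Acreated 2024-01-01.%0A" \
    GETPIN BYE | "$1" | sed -n 's/^D //p'
}

# Return 0 if pinentry program $1 answers a request for key ID $2 with the
# correctly escaped form of secret $3. The op:// reference is a placeholder.
check_pinentry() {
  dir=$(mktemp -d) || return 2
  make_stub_op "$dir" "$3"
  got=$(
    PATH="$dir:$PATH"; export PATH
    PINENTRY_OP_LOG_FILE="$dir/log"; export PINENTRY_OP_LOG_FILE
    export "OP_GPG_PASSWORD_ENTRY_$2=op://Constructed/item/password"
    ask_pin "$1" "$2"
  )
  want=$(assuan_escape "$3")
  rm -rf "$dir"
  [ "$got" = "$want" ]
}
```

After sourcing the block, `check_pinentry <path to this file> <key-id> 'p%ss'` returns 0 only if the script sends the `%` as `%25`; a secret without special characters passes either way.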