str4d
UX: non-interactive passphrase support
What were you trying to do
I'd like to encrypt/decrypt an age file without an interactive passphrase prompt, and script it somehow. See https://github.com/FiloSottile/age/discussions/256
What happened
I get prompted for a passphrase 😉
From the Go implementation a few different PRs have been posted and either rejected with (we'll do something else, and nothing's happened yet) or ignored.
My personal preference would be to be able to use an environment variable and run rage with that variable set. For my use case I'm not concerned about possible password leakage. An alternative would be to be able to read the passphrase from regular stdin so could pipe the password in. https://ccrypt.sourceforge.net/ has a bunch of options for this, including an option to only require the passphrase once --brave versus --timid.
I noticed there is pinentry support in rage 🎉 , but I don't know enough about it to know if that's a viable option (while experimenting for example with pinentry-w32.exe under CMD, the command exits without starting the text-based interaction, it seems to work fine under bash).
Any other ideas? Is this something you'd be willing to implement (or potentially accept PRs's, I don't have a rust background)?
BTW nice job with this, works much better on Windows than the reference Go implementation 👍
ill also put it here if somebody going to search for alternative solutions for password input:
There is other easy way with using "expect":
example of encryption:
#!/bin/sh
PASSPHRASE="1231234"
AGE_INPUT="flake.nix"
AGE_OUTPUT="r2.age"
expect <<EOF
log_user 0
spawn age -e -p -o "$AGE_OUTPUT" "$AGE_INPUT"
send -- "$PASSPHRASE\n"
# confirmation
send -- "$PASSPHRASE\n"
expect -- "\n"
log_user 1
expect eof
EOF
example of decryption:
#!/bin/sh
# we can read env variable here or pass it as an argument
PASSPHRASE="1231234"
AGE_FILE="r2.age"
expect <<EOF
log_user 0
spawn age -d "$AGE_FILE"
send -- "$PASSPHRASE\n"
expect -- "\n"
log_user 1
expect eof
EOF
