Gopass Browser Bindings

JSON API

gopass-jsonapi enables communication with gopass via JSON messages.

This is particularly useful for browser plugins like gopassbridge running gopass as native app. More details can be found in api.md.

Project status

This is still work-in-progress and no regular release process has been defined. You might encounter outdated or incomplete documentation across different repositories and gopass versions.

Installation

gopass v1.10 / v1.11: The binary for v1.10 and v1.11 can be downloaded and unpacked from archive files on Github Releases.

gopass v1.12 or newer: You need to manually download the gopass-jsonapi binary from GitHub Releases, until it is available in popular package managers.

Alternatively you can compile it yourself if you have Go 1.14 (or greater) installed:

git clone https://github.com/gopasspw/gopass-jsonapi.git
cd gopass-jsonapi
make build
./gopass-jsonapi help

You need to run gopass-jsonapi configure for each browser you want to use with gopass.

Windows: The jsonapi setup copies the current gopass-jsonapi binary as a wrapper executable file (gopass_native_host.exe calls the listener directly). It is recommended to run gopass-jsonapi configure after each update to have the latest version setup for your browser. The global setup requires to run gopass-jsonapi configure as Administrator.

Usage

Gopass allows filling in passwords in browsers leveraging a browser plugin like gopassbridge. The browser plugin communicates with gopass-jsonapi via JSON messages. To allow the plugin to interact with gopass-jsonapi, a native messaging manifest must be installed for each browser.

You need to run gopass-jsonapi configure to configure your browser for gopass-jsonapi.

# Asks all questions concerning browser and setup
gopass-jsonapi configure

# Do not copy / install any files, just print their location and content
gopass-jsonapi configure --print

# Specify browser and wrapper path
gopass-jsonapi configure --browser chrome --path /home/user/.local/

How user name is determined

The user name/login is determined from login, username and user yaml attributes (after the --- separator) like this:

<your password>
---
username: <your username>

As fallback, the last part of the path is used, e.g. theuser1 for Internet/github.com/theuser1 entry.

Supported Browsers

Linux / macOS:

  • Firefox
  • Chrome
  • Chromium
  • Brave
  • Vivaldi
  • Iridium
  • Slimjet

Windows

  • Firefox
  • Chrome
  • Chromium
  • Brave

Contributing

Thank you very much for supporting gopass. Pull requests are welcome.

Please follow the gopass contribution guidelines and Pull Request checklist.

Owner
Gopass
Gopass - An awesome password manager for awesome teams
Gopass
https://github.com/gopasspw/gopass-jsonapi
Comments
  • Error: store not initialized

    Error: store not initialized

    Summary

    When I run gopass-jsonapi configure, I get the following error message: Failed to initialize gopass API: store not initialized. run gopass init first. But my gopass store is fully initialized and working.

    Steps To Reproduce

    Run gopass-jsonapi configure

    Expected behavior

    I expect it to set up the JSON API.

    Environment

    • OS: Arch Linux
    • OS version: Linux arch 5.11.15-arch1-2 #1 SMP PREEMPT Sat, 17 Apr 2021 00:22:30 +0000 x86_64 GNU/Linux
    • gopass-jsonapi Version: 1.11.1
    • gopass Version: 1.12.5
    • Installation method: https://aur.archlinux.org/packages/gopass-jsonapi-bin

    Additional context

    My gopass configuration can be found in my dotfiles.

  • Reports the version incompatible with Gopass Bridge.

    Reports the version incompatible with Gopass Bridge.

    When splitting functionality between projects like that, please at least report a semblance of a proper version maybe?

    Gopass Bridge complains about gopass-jsonapi version again since it is clearly lower than 1.8.5. And I wouldn't mind that, but no automatic search for hostname happens in this case.

    > gopass-jsonapi --version
gopass-jsonapi version 0.0.1
  • Latest release no longer works on xubuntu22.04

    Latest release no longer works on xubuntu22.04

    Summary

    Latest release no longer works on xubuntu22.04

    Steps To Reproduce

    1. sudo dpkg -i gopass-jsonapi_1.14.3_linux_amd64.deb
    2. gopass-jsonapi -h

    -> This program can only be run on AMD64 processors with v3 microarchitecture support.

    Environment

    • Fresh installed xubuntu22.04 on virtualbox (guest - linux64/ubuntu settings)

    Additional context

    gopass-jsonapi_1.11.1_linux_amd64.deb is working on the same vm, maybe changed sth in your build?

  • Add Brave path for Windows

    Add Brave path for Windows

    Hello,

    I recently switched browsers from Chrome to Brave and I happily discovered glad that the setup of jsonapi was already existing for Linux!

    However, when I switched as well on my Windows machine, I was surprised that Brave was not out of the box supported.

    I don’t know if there is a reason for not having the same Browser support between Linux / Mac / Windows but I propose to add Brave to the Windows build with that PR.

    Tested on my Windows 10 machine.

    Have a nice day, Loric

  • `VERSION` is not bumped on release

    `VERSION` is not bumped on release

    Summary

    The latest version of gopass-jsonapi is 1.15.2 and gopass-jsonapi --version still gives 1.14.5 (the old release) because the VERSION file contains the old version in the new release.

    Steps To Reproduce

    $ go install github.com/gopasspw/[email protected]
go: downloading github.com/gopasspw/gopass-jsonapi v1.15.2
$ gopass-jsonapi --version
gopass-jsonapi version 1.14.5

    Expected behavior

    Release and output of --version match

    Environment

    • OS: Arch Linux
    • OS version: Linux meterpeter 6.1.0-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 11 Dec 2022 23:35:00 +0000 x86_64 GNU/Linux
    • gopass-jsonapi Version: gopass-jsonapi version 1.14.5
    • Installation method: Source / ABS

    Additional context

    https://gopassworkspace.slack.com/archives/C018JEGLZU3/p1671470383332919

  • Arch AUR Package

    Arch AUR Package

    I have created an AUR package for gopass-bridge in binary format without the need for being built.

    https://aur.archlinux.org/packages/gopass-jsonapi-bin/

  • Bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.1

    Bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.1

    Bumps github.com/urfave/cli/v2 from 2.10.3 to 2.11.1.

    Release notes

    Sourced from github.com/urfave/cli/v2's releases.

    v2.11.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/urfave/cli/compare/v2.11.0...v2.11.1

    v2.11.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/urfave/cli/compare/v2.10.3...v2.11.0

    Commits
    • c8147a4 Merge pull request #1439 from hmiyado/fix-timestamp-getvalue
    • 6d67b2d Fix for TimestampFlag.GetValue to return empty string without value
    • a91950f Merge pull request #1436 from urfave/revert-1435-merging-main-to-v3-dev-main
    • 25116be Revert "Merging main to v3 dev main"
    • f8124ae Merge pull request #1435 from urfave/merging-main-to-v3-dev-main
    • a82c9b1 Merge remote-tracking branch 'origin/main' into merging-main-to-v3-dev-main
    • 8d46d37 Approve v2 addition of timestamp/timezone/location
    • 8b41988 Merge pull request #1426 from urfave/default-command-doc
    • 2e71cb8 Merge pull request #1432 from julian7/timezoned-timestamp
    • 1335a70 accept timezone for timestamps
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.0

    Bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.0

    Bumps github.com/urfave/cli/v2 from 2.10.3 to 2.11.0.

    Release notes

    Sourced from github.com/urfave/cli/v2's releases.

    v2.11.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/urfave/cli/compare/v2.10.3...v2.11.0

    Commits
    • 8d46d37 Approve v2 addition of timestamp/timezone/location
    • 8b41988 Merge pull request #1426 from urfave/default-command-doc
    • 2e71cb8 Merge pull request #1432 from julian7/timezoned-timestamp
    • 1335a70 accept timezone for timestamps
    • d7504f8 Approve v2 addition of App.DefaultCommand
    • d29120f Merge pull request #1388 from jalavosus/feature/default-command
    • d8c93f8 app_test.go: add tests for default command + flag
    • 1dfa982 gofmt
    • 1b3da50 Add test cases for subcommands of default command
    • 77feee8 Implement slightly wonky setup for checking against ...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/stretchr/testify from 1.7.4 to 1.8.0

    Bump github.com/stretchr/testify from 1.7.4 to 1.8.0

    Bumps github.com/stretchr/testify from 1.7.4 to 1.8.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/urfave/cli/v2 from 2.10.2 to 2.10.3

    Bump github.com/urfave/cli/v2 from 2.10.2 to 2.10.3

    Bumps github.com/urfave/cli/v2 from 2.10.2 to 2.10.3.

    Release notes

    Sourced from github.com/urfave/cli/v2's releases.

    v2.10.3

    What's Changed

    Full Changelog: https://github.com/urfave/cli/compare/v2.10.2...v2.10.3

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • Bump github.com/stretchr/testify from 1.7.4 to 1.7.5

    Bump github.com/stretchr/testify from 1.7.4 to 1.7.5

    Bumps github.com/stretchr/testify from 1.7.4 to 1.7.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • does not work on flatpack / snap installations

    does not work on flatpack / snap installations

    Summary

    while new ubuntu head toward firefox as snap (unfortunately) gopass-jsonapi does not work on flatpack / snap installations

    Steps To Reproduce

    1. sudo dpkg -i gopass-jsonapi_1.11.1_linux_amd64.deb
    2. gopass-jsonapi configure
    3. choose firefox
    4. try out gopass-bridge on firefox -> shows no connection

    Environment

    vanilla xubuntu22.04

    Additional context

    I assume, storing native messaging host file at .mozilla/native-messaging-hosts/com.justwatch.gopass.json is not the correct location for snap / flatpack?

  • Please add support for LibreWolf

    Please add support for LibreWolf

    Summary

    For privacy concerns, I've switched from Brave to LibreWolf, which is a solid Firefox/Brave alternative without the annoyances of Firefox. I've noticed gopass-jsonapi is not able to set up the Gopass bridge.

    Steps To Reproduce

    !. Install LibreWolf 2. Install Gopass extension 3. Try to configure using gopass-jsonapi

    Expected behavior

    LibreWolf is not different from Firefox that much, except for being hardened for privacy. This should be easy to set up and work.

    Environment

    • OS: Gentoo
    • OS version: Linux mamadou-legion 5.15.50 # 34 SMP Tue Jun 28 16:56:47 CEST 2022 x86_64 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz GenuineIntel GNU/Linux
    • gopass-jsonapi Version: gopass-jsonapi version 1.11.1
    • Installation method: My own custom ebuilds

    Additional context

    BTW, I've noticed the version is being reported as 1.11.1 by gopass-jsonapi. Looking at the repository/VERSION file it seems it contains the wrong version string. I'm running 1.14.3 at the moment.

  • mobile support

    mobile support

    Has anyone investigated if its possible to support mobiles ?

    I ask because it would be nice to support IOS users. If it's 100% out of scope just let me know and why please.

    https://support.1password.com/get-the-apps/?ios has it and so its technically possible.

  • Gopass Bridge cannot handle tilde in Gopass path

    Gopass Bridge cannot handle tilde in Gopass path

    In my Gopass config, I'm using a ~ to specify the path: https://github.com/cloudlena/dotfiles/blob/main/gopass/.config/gopass/config.yml#L2

    This works fine with the gopass command, but Gopass Bridge cannot handle it. Everything works fine if I replace ~ with /home/lena though.

  • Installation with

    Installation with "go get" does not handle version

    Summary

    "go get" installation does not handle version and produces binary incompatible with gopassbridge (version mismatch).

    Steps To Reproduce

    go get github.com/gopasspw/gopass-jsonapi

    The first problem is this error complaining about uninitialized gopass store. If possible it shouldn't be necessary to have an initialized store to run "help", "version" or "configure".

    Failed to initialize gopass API: store not initialized. run gopass init first

    Second error only happens when using "go get" for to compile the binary:

    $ ./gopass-jsonapi --version Incorrect Usage. flag provided but not defined: -version

    Expected behavior

    Following command completes successfully and outputs the latest released version of gopass-jsonapi:

    docker run --rm golang bash -c 'go get github.com/gopasspw/gopass-jsonapi && ./bin/gopass-jsonapi --version'

    Environment

    • OS: checked with Docker on Mac, probably independent of OS
    • OS version: Linux ef82b619761e 4.19.121-linuxkit #1 SMP Tue Dec 1 17:50:32 UTC 2020 x86_64 GNU/Linux
    • gopass-jsonapi Version: gopass-jsonapi version 1.11.1
    • Installation method: compiled from source

    Additional context

    see discussion from https://github.com/gopasspw/gopassbridge/issues/171#issuecomment-789670449

Related tags
Cryptography gopass-jsonapi
Decrypt passwords/cookies/history/bookmarks from the browser.
 Decrypt passwords/cookies/history/bookmarks from the browser.

hack-browser-data is an open-source tool that could help you decrypt data ( passwords|bookmarks|cookies|history ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.

Jan 9, 2023
Build apps that run everywhere with Go and a browser engine of your choice (Chrome, Firefox, Epiphany or Android WebView).

hydrapp Build apps that run everywhere with Go and a browser engine of your choice (Chrome, Firefox, Epiphany or Android WebView). Overview ?? This pr

Dec 14, 2022
Sign, verify, encrypt and decrypt data with GPG in your browser.
 Sign, verify, encrypt and decrypt data with GPG in your browser.

keygaen Sign, verify, encrypt and decrypt data with GPG in your browser. ⚠️ keygaen has not yet been audited! While we try to make keygaen as secure a

Nov 22, 2022
OpenSSL bindings for Go

OpenSSL bindings for Go Please see http://godoc.org/github.com/spacemonkeygo/openssl for more info License Copyright (C) 2017. See AUTHORS. Licensed u

Dec 29, 2022
Shows how to use OpenCL with Go bindings.

Golang OpenCL example This is a tiny "hello world"-like application that shows how to use the github.com/jgillich/go-opencl OpenCL bindings for Go. Se

Nov 20, 2022
hack-browser-data is an open-source tool that could help you decrypt data from the browser.
 hack-browser-data is an open-source tool that could help you decrypt data from the browser.

hack-browser-data is an open-source tool that could help you decrypt data ( password|bookmark|cookie|history|credit card|download

Dec 23, 2022
🌭 The hotdog web browser and browser engine 🌭
 🌭 The hotdog web browser and browser engine 🌭

This is the hotdog web browser project. It's a web browser with its own layout and rendering engine, parsers, and UI toolkit! It's made from scratch e

Dec 30, 2022
GoLang Library for Browser Capabilities Project

Browser Capabilities GoLang Project PHP has get_browser() function which tells what the user's browser is capable of. You can check original documenta

Sep 27, 2022
:rocket: Instant live visualization of your Go application runtime statistics (GC, MemStats, etc.) in the browser
 :rocket: Instant live visualization of your Go application runtime statistics (GC, MemStats, etc.) in the browser

Statsviz Instant live visualization of your Go application runtime statistics (GC, MemStats, etc.). Import "github.com/arl/statsviz" Register statsviz

Jan 3, 2023
Go testing in the browser. Integrates with `go test`. Write behavioral tests in Go.
 Go testing in the browser. Integrates with `go test`. Write behavioral tests in Go.

GoConvey is awesome Go testing Welcome to GoConvey, a yummy Go testing tool for gophers. Works with go test. Use it in the terminal or browser accordi

Dec 30, 2022
Playwright for Go a browser automation library to control Chromium, Firefox and WebKit with a single API.
 Playwright for Go a browser automation library to control Chromium, Firefox and WebKit with a single API.

?? Playwright for API reference | Example recipes Playwright is a Go library to automate Chromium, Firefox and WebKit with a single API. Playwright is

Jan 1, 2023
Run WASM tests inside your browser

wasmbrowsertest Run Go wasm tests easily in your browser. If you have a codebase targeting the wasm platform, chances are you would want to test your

Dec 16, 2022
A kafka command line browser
 A kafka command line browser

kcli Kcli is a kafka read only command line browser. Install Binaries are provided here (windows is not tested). If you have go (1.11 or greater) inst

Nov 17, 2022
A compiler from Go to JavaScript for running Go code in a browser

GopherJS - A compiler from Go to JavaScript GopherJS compiles Go code (golang.org) to pure JavaScript code. Its main purpose is to give you the opport

Dec 30, 2022
Simple in Pure Go in Browser Interactive Interpreter
 Simple in Pure Go in Browser Interactive Interpreter

GoBook This project is a PoC Don't take it seriously The main point of this project is the use of the library: github.com/brendonmatos/golive Maybe th

Feb 22, 2022
Decrypt passwords/cookies/history/bookmarks from the browser.
 Decrypt passwords/cookies/history/bookmarks from the browser.

hack-browser-data is an open-source tool that could help you decrypt data ( passwords|bookmarks|cookies|history ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.

Jan 9, 2023
📡 ssh into browser tab.

tabssh idk Uses TabFS and gilderlabs/ssh. Set your TabFS mount path in tabssh.go. $ go run tabssh.go and $ ssh -o StrictHostKeyChecking=no localhost

Dec 3, 2022
Go compiler running entirely in your browser

wasm-go-playground This is the Go compiler ("gc") compiled for WASM, running in your browser! It can be used to run a simple playground, à la play.gol

Nov 10, 2022
Host yo' self from your browser, your phone, your toaster.
 Host yo' self from your browser, your phone, your toaster.

A hosting service from the browser, because why not. Try it at hostyoself.com. See it in action Here's an example where I use hostyoself.com to host i

Jan 1, 2023
Selfhosted collaborative browser - room management for n.eko
 Selfhosted collaborative browser - room management for n.eko

neko-rooms Simple room management system for n.eko. Self hosted rabb.it alternative. How to start You need to have installed Docker and docker-compose

Dec 20, 2022