Kicked the tires on it last night; it’s still super raw. Accessing items requires piping the entire plaintext contents of a vault into jq or similar, which means I’ll probably write a shell wrapper for it so i can filter easily etc.
It would be nice to open source it and let us submit PRs for things.
I’m worried this is yet another attack vector against 1P, and provides easier key export for attackers that gain access to your command line.
What is the other attack vector?
This is great news for me. The command line tool has been the only thing that has kept me with lastpass.
This is sadly closed source and unsigned on OS X.
After having a short look at the binary: this is most likely written in Go.
From the blog post:
Kicked the tires on it last night; it’s still super raw. Accessing items requires piping the entire plaintext contents of a vault into
jq
or similar, which means I’ll probably write a shell wrapper for it so i can filter easily etc.It would be nice to open source it and let us submit PRs for things.