2017.11.25

A faster LastPass lookup for your Linux desktop

Christopher Peterson Blog BASH, cli, dmenu, Firefox, LastPass, Linux

At work we noticed how the LastPass plugin on the new Firefox Quantum (due to limitations of the new plugin architecture?) no longer has copy a “Copy Password” button. LastPass support suggested that this might not be changing anytime soon. We rely on this a lot for different terminal-based work, so it was a sad revelation.

This bothered me enough that I made my own LastPass popup thing for my Linux desktop and as a bonus the workflow is also much faster than it was in the browser.

https://github.com/cspeterson/dotfiles/blob/master/.bin/lastpass-dmenu

Here is the code in case I move the file or something and forget to update this post:

IFS=$'\n'
# List all entries in LastPass vault into dmenu formatted as follows
# Folder/subfolder/Name of Site [username at site] [id: id for lookup]
entries=($(lpass ls --long \
  | cut -d ' ' -f 3- \
  | sed 's/\[username: /[/' \
  | sed 's/\(.*\)\(\[.*\]\) \(\[.*\]\)/\1 \3 \2/')
  )

# Get id from dmenu user selection
selid=$(printf '%s\n' "${entries[@]}" \
  | dmenu -i -p 'LastPass: ' -l 7 \
  | sed 's/^.*\[id: \([0-9]\{1,\}\)\].*$/\1/')

# Password to clipboard
lpass show --clip --password ${selid}

IFS=$'\n'

# List all entries in LastPass vault into dmenu formatted as follows

# Folder/subfolder/Name of Site [username at site] [id: id for lookup]

entries=($(lpass ls --long \

| cut -d ' ' -f 3- \

| sed 's/\[username: /[/' \

| sed 's/$.*$$\[.*\]$ $\[.*\]$/\1 \3 \2/')

)

# Get id from dmenu user selection

selid=$(printf '%s\n' "${entries[@]}" \

| dmenu -i -p 'LastPass: ' -l 7 \

| sed 's/^.*\[id: $[0-9]\{1,\}$\].*$/\1/')

# Password to clipboard

lpass show --clip --password ${selid}

Documentation for the script is in the file, but here is exactly what install could look like on Ubuntu, for example

sudo apt-get update
# Lastpass cli is the lastpass cli client from LastPass themselves
sudo apt-get install dmenu lastpass-cli
mkdir $HOME/.bin
wget -O $HOME/.bin/lastpass-cli https://raw.githubusercontent.com/cspeterson/dotfiles/master/.bin/lastpass-dmenu
chmod +x $HOME/.bin/lastpass-cli
# Login to lastpass-cli one time and it will remember your email for the
# future
lpass login myuser@ias.edu

sudo apt-get update

# Lastpass cli is the lastpass cli client from LastPass themselves

sudo apt-get install dmenu lastpass-cli

mkdir $HOME/.bin

wget -O $HOME/.bin/lastpass-cli https://raw.githubusercontent.com/cspeterson/dotfiles/master/.bin/lastpass-dmenu

chmod +x $HOME/.bin/lastpass-cli

# Login to lastpass-cli one time and it will remember your email for the

# future

lpass login myuser@ias.edu

And then run it there(no) or bind it to a hotkey(yes) in your window manager/whatever (I think this is under Keyboard settings in e.g. Gnome?).

When the menu pops up, just start typing the entry you want. It searches through both entry Name and Username. Whichever entry you select in the dmenu popup, the corresponding password will drop into your clipboard. Easy peasy.

Security

By default as of this writing, lpass seems to just leave your password in the X primary clipboard forever (or until overwritten). It recognizes an environment variable however, LPASS_CLIPBOARD_COMMAND, where you can specify your clipboard command and arguments. This allows for a setting like the following

export LPASS_CLIPBOARD_COMMAND="xclip -selection clipboard -in -l 1"

1	export LPASS_CLIPBOARD_COMMAND="xclip -selection clipboard -in -l 1"

Which will allow one X selection request (i.e. a paste action) before this value is cleared from the clipboard. Hopefully the default will change in the future to be more secure? But there go in the meantime.

<edit> After further consideration it seems the environment variable trickery above will remain the only solution, so get used to it 😉