A faster LastPass lookup for your Linux desktop
At work we noticed how the LastPass plugin on the new Firefox Quantum (due to limitations of the new plugin architecture?) no longer has copy a “Copy Password” button. LastPass support suggested that this might not be changing anytime soon. We rely on this a lot for different terminal-based work, so it was a sad revelation.
This bothered me enough that I made my own LastPass popup thing for my Linux desktop and as a bonus the workflow is also much faster than it was in the browser.
https://github.com/cspeterson/dotfiles/blob/master/.bin/lastpass-dmenu
Here is the code in case I move the file or something and forget to update this post:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
IFS=$'\n' # List all entries in LastPass vault into dmenu formatted as follows # Folder/subfolder/Name of Site [username at site] [id: id for lookup] entries=($(lpass ls --long \ | cut -d ' ' -f 3- \ | sed 's/\[username: /[/' \ | sed 's/\(.*\)\(\[.*\]\) \(\[.*\]\)/\1 \3 \2/') ) # Get id from dmenu user selection selid=$(printf '%s\n' "${entries[@]}" \ | dmenu -i -p 'LastPass: ' -l 7 \ | sed 's/^.*\[id: \([0-9]\{1,\}\)\].*$/\1/') # Password to clipboard lpass show --clip --password ${selid} |
Documentation for the script is in the file, but here is exactly what install could look like on Ubuntu, for example
1 2 3 4 5 6 7 8 9 |
sudo apt-get update # Lastpass cli is the lastpass cli client from LastPass themselves sudo apt-get install dmenu lastpass-cli mkdir $HOME/.bin wget -O $HOME/.bin/lastpass-cli https://raw.githubusercontent.com/cspeterson/dotfiles/master/.bin/lastpass-dmenu chmod +x $HOME/.bin/lastpass-cli # Login to lastpass-cli one time and it will remember your email for the # future lpass login myuser@ias.edu |
And then run it there(no) or bind it to a hotkey(yes) in your window manager/whatever (I think this is under Keyboard settings in e.g. Gnome?).
When the menu pops up, just start typing the entry you want. It searches through both entry Name and Username. Whichever entry you select in the dmenu popup, the corresponding password will drop into your clipboard. Easy peasy.
Security
By default as of this writing, lpass seems to just leave your password in the X primary clipboard forever (or until overwritten). It recognizes an environment variable however, LPASS_CLIPBOARD_COMMAND
, where you can specify your clipboard command and arguments. This allows for a setting like the following
1 |
export LPASS_CLIPBOARD_COMMAND="xclip -selection clipboard -in -l 1" |
Which will allow one X selection request (i.e. a paste action) before this value is cleared from the clipboard. Hopefully the default will change in the future to be more secure? But there go in the meantime.
<edit> After further consideration it seems the environment variable trickery above will remain the only solution, so get used to it 😉