Pass password through config or environment secret

[belibug]

Support Request

Environment

• Jrnl --diagnostic output: <!-- Run jrnl --diagnostic and paste the output -->

jrnl: v2.8.1 Python: 3.8.10 (default, Jun 2 2021, 10:49:15) [GCC 9.4.0] OS: Linux 5.4.0-77-generic

• Install method:

Pipx

What are you trying to do?

I have jrnl file that is encrypted that i want to access programmatically. How do i pass password as argument or secret in environment variable or some other method without interactively typing the password.

What have you tried?

I have checked the documentation and googled for solution and found none.

Other Information

I know we can use keychain to save the creds, but in my case I am automating something that needs encrypted journal that can accept password in script.

[micahellison]

We don't have something like this right now, but we're interested in implementing this.

However, storing the password in an environment variable seems a little problematic from a security standpoint. We're thinking instead that we might want to store a password retrieval command in an environment variable, such as JRNL_PASSWORD_COMMAND. Then you would be able to use whatever secrets method you prefer, whether it's just ECHOing the variable or using something more sophisticated like SOPS.

We'll add this to the backlog for now. If anyone would like to work on this, feel free to send in a PR.

In the meantime, as a workaround, you should be able to use a tool like expect for something like this, though it wouldn't be as secure.

[micahellison]

Re #1641 - it could also be nice to have this functionality as a command line argument.