emacs-lastpass icon indicating copy to clipboard operation
emacs-lastpass copied to clipboard

Published 20 hours ago verified publisher icon storvik

Metadata

Emacs LastPass command wrapper.

Emacs LastPass

MELPA CI

A lastpass command wrapper for Emacs. Includes an interactive LastPass mode for managing accounts and some useful functions which can be used to include LastPass in your settings and configurations. Also featuring a custom auth-source backend allowing LastPass integration.

Table of Contents

  • Installation
    • lastpass-list-all-delimiter
    • Multifactor authentication
  • Auth-source backend
  • LastPass manager
  • Function lists
    • Interactive functions
      • lastpass-login
      • lastpass-logout
      • lastpass-status
      • lastpass-getfield (field account)
      • lastpass-getpass (account)
      • lastpass-getuser (account)
      • lastpass-visit-url (account)
      • lastpass-addpass (account user password url group)
      • lastpass-version
      • lastpass-create-auth-source-account (account hostname)
      • lastpass-auth-source-enable
    • Other functions
      • lastpass-runcmd (cmd &rest args)
      • lastpass-pipe-to-cmd (cmd prepend &rest args)
      • lastpass-logged-in-p
      • lastpass-getid (account)
  • Example usage
    • Mu4e pre-compose check and offlineimap with LastPass
    • Auth-source configuration for gmail

Installation

To use this package LastPass CLI version 1.1.0 or newer must be installed. The easiest way to install and configure emacs lastpass is to include this in your init.

(use-package lastpass
  :config
  ;; Set lastpass user
  (setq lastpass-user "[email protected]")
  (setq lastpass-trust-login t)
  ;; Enable lastpass custom auth-source
  (lastpass-auth-source-enable))

lastpass-list-all-delimiter

This variable can be used to customize how emacs-lastpass interacts with the lpass command utility ls function. Should be set to a character that is not to be found in any of the following fields:

  • id
  • account name
  • group
  • user name

Multifactor authentication

When using multifactor authentication the variable lastpass-multifactor-use-passcode must reflect wether the user should be prompted for a passcode or not. By default this variable is set to nil, hence only authentication without passcode is supported. To enable authentication with passcode, add the following to your init (or in :config in the configuration example above);

(setq lastpass-multifactor-use-passcode t)

Auth-source backend

LastPass auth-source backend can be enabled with the function (lastpass-auth-source-enable). Host, in emacs, must match the LastPass account name to make this work. Recommended way of achieving this is to keep a seperate group, for example auth-source, containing all accounts that should be used together with the auth-source backend. Configuration example can be seen in the Example usage section. To implement this an advice is used, note that support for the newer 'auth-source-backend-parser-functions is also included:

(if (boundp 'auth-source-backend-parser-functions)
    (add-hook 'auth-source-backend-parser-functions #'lastpass-auth-source-backend-parse)
  (advice-add 'auth-source-backend-parse :before-until #'lastpass-auth-source-backend-parse))

To ease the process of creating a valid auth-source entry in LastPass, the helper function lastpass-create-auth-source-account should be used.

Thanks to Damien Cassou and his auth-password-store for help and guidance.

LastPass manager

Interactive lastpass manager can be invoked with M-x lastpass-list-all. Actions in lastpass-list-all:

  • enter open URL in browser
  • n next line
  • p previod line
  • r reload accounts
  • a add or generate password
  • s show password
  • w add password to kill ring
  • m move account to group
  • c create auth-source from account
  • d delete account
  • q quit

Hooks

lastpass-logged-in-hook

Hook run on successful login.

Function lists

List of functions in this package.

Interactive functions

Functions that can be run interactively by the M-x interface.

lastpass-login

Runs lpass login asynchronously and asks user for password. Note that since this is an asynchronous process it will NOT wait for user input to continue. If lastpass-trust-login is non nil the --trust option will be added, and all subsequent login request will not require multifactor authentication.

lastpass-logout

Logs out of lpass using the --force option. Good practice to do this whenever lpass functions aren't needed.

lastpass-status

Check if lastpass-user is logged in and prints message to minibuffer.

lastpass-getfield (field account)

Display custom field for given account. field should match field from LastPass and account can be either account id or account name.

lastpass-getpass (account)

Display password for given account. account can be either account id or account name.

lastpass-getuser (account)

Display username for given account. account can be either account id or account name.

lastpass-visit-url (account)

Open URL in web browser. If run interactively it prompts for account, which can be either account name or unique ID.

lastpass-addpass (account user password url group)

Add account to LastPass. Account name, user and password must be specified, but url and group can be set to nil. When run interactively user is prompted for input. If password is set to nil, or empty string when run interactive, it will be generated. Default length is set in lastpass-pass-length and no symbols can be turned on with lastpass-no-symbols.

lastpass-version

Display lastpass command line interface version.

lastpass-create-auth-source-account (account hostname)

Create a copy of the given account and rename it with the given hostname. All auth-source accounts are stored in the auth-source group in lastpass. This function is meant to simplyfy the process of creating a valid auth-sourec entry in LastPass. When using this function in lastpass-list-all, see lastpass-list-all-create-auth-source-account.

lastpass-auth-source-enable

Enable LastPass auth-source backend.

Other functions

Functions that can't be run invteractively.

lastpass-runcmd (cmd &rest args)

Run lpass command cmd with arguments args. Returns a list containing return code and return string, (returncode, returnstring). Can be used to run custom lpass commmand not implementet in lastpass.el.

lastpass-pipe-to-cmd (cmd prepend &rest args)

Pipe prepend to lpass command cmd with arguments args. Returns a list containing return code and return string, (returncode, returnstring). The prepend string must be formatted to correspond with lpass notation, see man lpass. Can for example be used to add account to LastPass:

(lastpass-pipe-to-cmd "add" "Username: Foo\nPassword: bar" "FooBarAccount")

This corresponds to the following shell command:

printf "Username: Foo\nPassword: bar" | \
    lpass add FooBarAccount --non-interactive

lastpass-logged-in-p

Check if lastpass-user is logged in. Returns nil if user not logged in. Example usage below.

lastpass-getid (account)

Get LastPass id for account. Returns nil if no match for account.

Example usage

Mu4e pre-compose check and offlineimap with LastPass

Check if logged in to LastPass before running mu4e update. Continues with update if user is logged in and asks user to log in if not.

(defun lastpass-mu4e-update-mail-and-index (update-function &rest r)
  "Check if user is logged in and run UPDATE-FUNCTION with arguments R."
  (unless (lastpass-logged-in-p)
    (lastpass-login)
    (error "LastPass: Not logged in, log in and retry"))
  (apply update-function r))

(advice-add 'mu4e-update-mail-and-index :around #'lastpass-mu4e-update-mail-and-index)

This snippet can be used together with offlineimaps pythonfile and use LastPass when fetching mail. offlineimap.rc should contain the follwing:

[general]
pythonfile = ~/offlineimap.py

[Repository Remote]
type = IMAP
remotehost = imap.gmail.com
remoteuser = [email protected]
remotepasseval = getLpass()

The python script offlineimap.py should look like:

#!/usr/bin/env python2
from subprocess import check_output

def getLpass():
    return check_output("lpass show --password AccountName", shell=True).strip("\n")

Auth-source configuration for gmail

Use LastPass auth-source when sending mail. This will replace the .authinfo file containing account and password information. For this to work, lastpass-auth-source-enable must be run. The following mail configuration can be used:

(setq message-send-mail-function 'smtpmail-send-it
      smtpmail-stream-type 'starttls)
      smtpmail-smtp-server "smtp.gmail.com"
      smtpmail-smtp-user "[email protected]"
      smtpmail-smtp-service 587)

For this to work the lastpass account name must be smtp.gmail.com, i.e.

LastPass Vault
      └── auth-source
            └── smtp.gmail.com

Metadata

25
Stars
6
Forks
Watchers

Owner

verified publisher icon storvik

Metadata

Emacs LastPass command wrapper.

Back