by spicybright 1894 days ago
How do you get your passwords out of the repo on your phone?
4 comments

The Android app allows one to use OpenKeychain, so I can use my gpg key on my yubikey to both authenticate the SSH session to do git pulls and decrypt individual secrets.
git push. The Android app works with git repos from SSH. I also use Wireguard since I run my SSH server behind the VPN, but this is obviously optional since you can just expose your SSH server to the internet.
Sorry, I meant more on the UI side. Like if I'm on a website that needs a login, do I run a pass command in a local terminal, then copy and paste?
Ah, there is an Android app [1] which you sync the passwords to and it basically presents a list of all your websites. To use a password: tap on the website name, unlock your GPG key, and then see your password and put it in your phone's copy/paste buffer.

[1] https://play.google.com/store/apps/details?id=dev.msfjarvis....

Sounds a lot less convenient than e.g. Samsung Pass. Depends what you value I guess.
On my phone the Android app also asks to fill login forms in Firefox.
Thank you. I wish OP could have linked what Android app he was using.
A bunch of apps got busted (TikTok) that polled the iPhone's clipboard. Isn't Android also susceptible to that?
That's what they meant with "The Android app works with git repos from SSH".

That is: there are GUI mobile and desktop client apps, compatible with the pass storage schemes.

In this case, the parent refers to one such app that can connect to e.g. your GitHub repo with your passes, and read/manage the passwords from there.

This is correct. Pass can only copy it in the paste buffer for 45s.

The command has a nice auto-completion and search feature. And calling it without arguments gives you a list of all the names of the keys you have in a tree view.

I have really enjoyed using that little utility for, I would say, 4 or 5 years.

Do phone apps support Yubikey?
Yes!

Termux[0] does support gpg and pass but no yubikey by default, but okc-agent[1] is a third-party binding of OpenKeychain, providing barebones gpg via yubikey. I use this to decrypt passwords via NFC:

[0]: https://termux.org
[1]: https://github.com/DDoSolitary/OkcAgent

Simple password decrypt: okc-gpg -d ~/.password-store/mypass.gpg

I made a termux shortcut (button on homescreen) to emulate pass-dmenu via this (store in ~/.shortcuts):

  #!/data/data/com.termux/files/usr/bin/env bash

  # Lists passwords in termux dialog, decrypting selection to clipboard for 45s

  # http://redsymbol.net/articles/unofficial-bash-strict-mode/
  set -euo pipefail

  # Inspired by https://git.zx2c4.com/password-store/tree/contrib/dmenu/passmenu
  shopt -s nullglob globstar

  prefix=${PASSWORD_STORE_DIR-~/.password-store}
  password_files=( "$prefix"/**/*.gpg )
  password_files=( "${password_files[@]#"$prefix"/}" )
  password_files=( "${password_files[@]%.gpg}" )

  password_files_csv=$(printf '%s,' "${password_files[@]}")
  choice_json=$(termux-dialog sheet -t "Select password" -v "$password_files_csv")

  # termux-dialog returns JSON; exit unless its code field is 0
  choice_exit=$(echo "$choice_json" | jq .code)
  [[ "$choice_exit" == 0 ]] || exit

  # -r prints the raw string, so no quote stripping is needed
  password=$(echo "$choice_json" | jq -r .text)

  # Decrypt from the same store the list was built from; the first line is the password
  okc-gpg -d "$prefix/$password.gpg" 2>/dev/null | head -n 1 | termux-clipboard-set
  # pass show -c "$password" 2>/dev/null
  termux-toast -s "Password copied to clipboard"
  sleep 46
  termux-clipboard-set ""
  termux-toast -s "Password removed from clipboard"
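
An added example, not part of the original comment or of pass or Termux: the shortcut above clears the clipboard unconditionally after 46 seconds, which also wipes anything else copied in the meantime. This variant clears only if the clipboard still holds the password, and takes the first line without closing the pipe early. The function names and the `CLIP_SET`/`CLIP_GET` override variables are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Clipboard backend defaults to the Termux:API commands used in
# the thread; CLIP_SET / CLIP_GET are hypothetical hooks for other platforms.
CLIP_SET=${CLIP_SET:-termux-clipboard-set}
CLIP_GET=${CLIP_GET:-termux-clipboard-get}

# Print only the first line of a decrypted entry read from stdin (pass keeps
# the password there). The rest is drained so the decrypting process never
# gets SIGPIPE, which `head -n 1` can trigger under `set -o pipefail`.
first_line() {
  local line=""
  IFS= read -r line || [ -n "$line" ] || return 1   # empty input is an error
  cat >/dev/null
  printf '%s' "$line"
}

# clear_if_unchanged SECRET
# Returns 0 if the clipboard was cleared, 1 if it was left alone because it
# now holds something else. If the clipboard cannot be read, clear anyway.
clear_if_unchanged() {
  local secret="$1" current=""
  if current=$("$CLIP_GET" 2>/dev/null) && [ "$current" != "$secret" ]; then
    return 1
  fi
  "$CLIP_SET" ""
}

# copy_with_timeout SECRET [SECONDS]
# Copy SECRET, wait (default 45 s), then clear conditionally.
copy_with_timeout() {
  local secret="$1" ttl="${2:-45}"
  printf '%s' "$secret" | "$CLIP_SET"
  sleep "$ttl"
  clear_if_unchanged "$secret"
}

# Usage inside the shortcut, with $prefix and $password as defined there:
#   copy_with_timeout "$(okc-gpg -d "$prefix/$password.gpg" | first_line)"
```
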
Slightly OT but this is yet another example of why Termux is the killer app for Android. I didn't use to think there was much difference between iOS and Android until I discovered Termux.
Most apps delegate PGP functionality to OpenKeychain, which works with Yubikeys. I use a Yubikey 5 NFC and the Password Store app from F-Droid.
The Password Store app delegates key management to another app. I use OpenKeychain [1] for this. I believe OpenKeychain supports Yubikeys, but I haven't used that feature myself so I can't speak about how well it works.

[1] https://www.openkeychain.org/

It works perfectly both over NFC and USB, either OTG micro USB or USB-C.

I only use hardware keys now.

It supports PGP keys stored on yubikeys via OpenKeychain. There's talk of removing support for OpenKeychain in lieu of a homegrown implementation since OKC development has lost velocity. And their library interface can be a bit cumbersome.
Not having access to your passwords on your phone is considered by some of us as a feature.
OP said they sync it to their phone.