A lastpass command wrapper for Emacs.
Includes an interactive LastPass mode for managing accounts and some useful functions which can be used to include LastPass in your settings and configurations.
Also featuring a custom auth-source
backend allowing LastPass integration.
Table of Contents
- Installation
- Auth-source backend
- LastPass manager
- Function lists
- Interactive functions
lastpass-login
lastpass-logout
lastpass-status
lastpass-getfield (field account)
lastpass-getpass (account)
lastpass-getuser (account)
lastpass-visit-url (account)
lastpass-addpass (account user password url group)
lastpass-version
lastpass-create-auth-source-account (account hostname)
lastpass-auth-source-enable
- Other functions
- Interactive functions
- Example usage
To use this package LastPass CLI version 1.1.0 or newer must be installed. The easiest way to install and configure emacs lastpass is to include this in your init.
(use-package lastpass
:config
;; Set lastpass user
(setq lastpass-user "foobar@foobar.com")
;; Enable lastpass custom auth-source
(lastpass-auth-source-enable))
This variable can be used to customize how emacs-lastpass interacts with the lpass
command utility ls
function.
Should be set to a character that is not to be found in any of the following fields:
id
account name
group
user name
When using multifactor authentication the variable lastpass-multifactor-use-passcode
must reflect wether the user should be prompted for a passcode or not.
By default this variable is set to nil
, hence only authentication without passcode is supported.
To enable authentication with passcode, add the following to your init (or in :config
in the configuration example above);
(setq lastpass-multifactor-use-passcode t)
LastPass auth-source backend can be enabled with the function (lastpass-auth-source-enable)
.
Host, in emacs, must match the LastPass account name to make this work.
Recommended way of achieving this is to keep a seperate group, for example auth-source, containing all accounts that should be used together with the auth-source backend.
Configuration example can be seen in the Example usage section.
To implement this an advice is used, note that support for the newer 'auth-source-backend-parser-functions
is also included:
(if (boundp 'auth-source-backend-parser-functions)
(add-hook 'auth-source-backend-parser-functions #'lastpass-auth-source-backend-parse)
(advice-add 'auth-source-backend-parse :before-until #'lastpass-auth-source-backend-parse))
To ease the process of creating a valid auth-source entry in LastPass, the helper function lastpass-create-auth-source-account
should be used.
Thanks to Damien Cassou and his auth-password-store for help and guidance.
Interactive lastpass manager can be invoked with M-x lastpass-list-all
.
Actions in lastpass-list-all
:
enter
open URL in browsern
next linep
previod liner
reload accountsa
add or generate passwords
show passwordw
add password to kill ringm
move account to groupc
create auth-source from accountd
delete accountq
quit
List of functions in this package.
Functions that can be run interactively by the M-x
interface.
Runs lpass login asynchronously and asks user for password. Note that since this is an asynchronous process it will NOT wait for user input to continue.
Logs out of lpass using the --force option. Good practice to do this whenever lpass functions aren't needed.
Check if lastpass-user
is logged in and prints message to minibuffer.
Display custom field for given account.
field
should match field from LastPass and account
can be either account id or account name.
Display password for given account.
account
can be either account id or account name.
Display username for given account.
account
can be either account id or account name.
Open URL in web browser. If run interactively it prompts for account, which can be either account name or unique ID.
Add account to LastPass.
Account name, user and password must be specified, but url and group can be set to nil
.
When run interactively user is prompted for input.
If password is set to nil
, or empty string when run interactive, it will be generated.
Default length is set in lastpass-pass-length
and no symbols can be turned on with lastpass-no-symbols
.
Display lastpass command line interface version.
Create a copy of the given account and rename it with the given hostname.
All auth-source accounts are stored in the auth-source
group in lastpass.
This function is meant to simplyfy the process of creating a valid auth-sourec entry in LastPass.
When using this function in lastpass-list-all
, see lastpass-list-all-create-auth-source-account
.
Enable LastPass auth-source
backend.
Functions that can't be run invteractively.
Run lpass command cmd
with arguments args
.
Returns a list containing return code and return string, (returncode, returnstring).
Can be used to run custom lpass commmand not implementet in lastpass.el
.
Pipe prepend
to lpass command cmd
with arguments args
.
Returns a list containing return code and return string, (returncode, returnstring).
The prepend string must be formatted to correspond with lpass notation, see man lpass
.
Can for example be used to add account to LastPass:
(lastpass-pipe-to-cmd "add" "Username: Foo\nPassword: bar" "FooBarAccount")
This corresponds to the following shell command:
printf "Username: Foo\nPassword: bar" | \
lpass add FooBarAccount --non-interactive
Check if lastpass-user
is logged in.
Returns nil
if user not logged in.
Example usage below.
Get LastPass id for account. Returns nil if no match for account.
Check if logged in to LastPass before running mu4e update. Continues with update if user is logged in and asks user to log in if not.
(defun lastpass-mu4e-update-mail-and-index (update-function &rest r)
"Check if user is logged in and run UPDATE-FUNCTION with arguments R."
(unless (lastpass-logged-in-p)
(lastpass-login)
(error "LastPass: Not logged in, log in and retry"))
(apply update-function r))
(advice-add 'mu4e-update-mail-and-index :around #'lastpass-mu4e-update-mail-and-index)
This snippet can be used together with offlineimaps pythonfile
and use LastPass when fetching mail.
offlineimap.rc
should contain the follwing:
[general]
pythonfile = ~/offlineimap.py
[Repository Remote]
type = IMAP
remotehost = imap.gmail.com
remoteuser = foobar@gmail.com
remotepasseval = getLpass()
The python script offlineimap.py
should look like:
#!/usr/bin/env python2
from subprocess import check_output
def getLpass():
return check_output("lpass show --password AccountName", shell=True).strip("\n")
Use LastPass auth-source when sending mail.
This will replace the .authinfo
file containing account and password information.
For this to work, lastpass-auth-source-enable
must be run.
The following mail configuration can be used:
(setq message-send-mail-function 'smtpmail-send-it
smtpmail-stream-type 'starttls)
smtpmail-smtp-server "smtp.gmail.com"
smtpmail-smtp-user "foobar@gmail.com"
smtpmail-smtp-service 587)
For this to work the lastpass account name must be smtp.gmail.com
, i.e.
LastPass Vault
└── auth-source
└── smtp.gmail.com