A simple tool to import Chrome passwords into gopass.
gopass-chrome-importer parses the .csv
file that can be exported from chrome
and loops over each entry in the list which provides
- a name (of the entry)
- the url
- the username
- the password
- Since not only passwords for websites are stored in chrome all entries are divided into categories which are later used as subfolders when creating the actual secrets in gopass.
- Next the url is simplified based on the category to provide a human readable name for the secret.
- To improve usability with the gopass chrome and firefox plugin the username is used as the file name of the secret.
website
- the url is stripped down to only contain the domain (and all subdomains) f.ex.
import/website/smile.amazon.com/your@mail.com
- the url is stripped down to only contain the domain (and all subdomains) f.ex.
ip
- since saved passwords of IPs can be duplicates based on the network you are in these passwords are sorted into their own category and the url is stripped to only contain the IP (v4)
- IPv6 is currently not detected and would be handled as a website
android
- the url is stripped down to only contain the package of the app f.ex.
import/android/com.paypal.android.p2pmobile/your@mail.com
- the url is stripped down to only contain the package of the app f.ex.
The first line of a secret is always supposed to be a password
with additional info added below separated by a ---
divider.
When a username is available it will be added to the additional info section
which can then be used by the chrome and firefox plugin:
mypassword1234
---
user: myuser
If no user is available just the password is written to the file:
mypassword1234
Since gopass does not provide a non-interactive way to create or modify secrets the fact that
secrets can not only be edited but also created using the gopass edit
command is used to work around this
(security related) limitation. When executing gopass edit /some/secret
gopass creates a temporary decrypted
file inside /dev/shm
for this secret which is then passed to $EDITOR
. gopass-chrome-importer uses this to
its advantage and writes itself into that env variable to process the temporarily decrypted file.
First of all the existing file is checked to prevent overwriting of existing secret data.
If those checks succeed the secret is written to the file in the form described above.
After that gopass encrypts the temporary file with the selected recipients and (if a remote is available)
pushes it to the server.
Now that you hopefully have a good understanding of how this tool works lets actually try it out!
Since this package is not completely without dependencies it is recommended to install it inside a virtualenv:
python3 -m venv ~/path/to/new/virtual/environment
source ~/path/to/new/virtual/environment/bin/activate
pip3 install gopass-chrome-importer
For basic usage the import
command should be all you ever need.
gopass-chrome-importer has a couple of parameters to customize the import result
and you should take a look what they offer before actually importing anything.
For a quick overview call:
gopass-chrome-importer import --help
To test things out before actually importing passwords into gopass (and possibly
pushing them to origin) you can use the -d
or --dry-run
option. This will only output
secret paths and contents where passwords are masked as asterisks to give you an idea of what would
happen.
An example output would look similar to this:
Would import: /import/ip/127.0.0.1/joe
******
---
user: joe
Would import: /import/ip/192.168.0.1/admin
********************
---
user: admin
For safety all examples on this page will include this option.
To set the path to the export.csv
file just use the -p
or --path
option:
gopass-chrome-importer import --path "~/Downloads/Chrome Passwords.csv" --dry-run
By default gopass-chrome-importer will import secrets into an import/
folder. To change this simply
use the -gb
or --gopass-basepath
option:
gopass-chrome-importer import --path "~/Downloads/Chrome Passwords.csv" --gopass-basepath "/test/" --dry-run
By default gopass will ask you some questions when creating a secret like which recipients to use for this secret.
For large lists of passwords this can be quite a hassle. gopass has a built in --yes
option to circumvent this
by always using "Y" or the default (if yes is not an option). This parameter can also be used (in addition to -y
)
in gopass-chrome-importer and will just pass it on to gopass.
gopass-chrome-importer import --path "~/Downloads/Chrome Passwords.csv" --gopass-basepath "/test/" --yes --dry-run
When gopass-chrome-importer tries to save a password in a file that already exists and that file is not empty it will (by default) not change the file contents to prevent accidentally overwriting of existing passwords.
You can force gopass-chrome-importer to ignore this check by using the -f
or --force
option.
Although your existing passwords are versioned in a git and (hopefully) synced to a server side backend be careful and think twice before using this option.
gopass-chrome-importer import --path "~/Downloads/Chrome Passwords.csv" --gopass-basepath /test/ --yes --force --dry-run
GitHub is for social coding: if you want to write code, I encourage contributions through pull requests from forks of this repository. Create GitHub tickets for bugs and new features and comment on the ones that you are interested in.
MIT License
Copyright (c) 2018 Markus Ressel
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.