lastpass cli generate with pronounceable password - lastpass

I'm using the lastpass cli to update passwords used in an automation process. I would like these passwords to be pronounceable. Is there an arguments flag that can do this?
$ lpass generate
Usage: lpass generate [--sync=auto|now|no] [--clip, -c] [--username=USERNAME] [--url=URL] [--no-symbols] {NAME|UNIQUEID} LENGTH

Related

How to use laspass-cli to view a password?

Lastpass-cli is the command-line interface of the Lastpass password manager. It can be downloaded by typing
sudo apt install lastpass-cli
in the terminal of GNU/Linux, Cygwin and Mac OS X system.
It is invoked by typing 'lpass'.
I have logged in using my username, master password, 2FA key.
I am trying to access using lpass one of the passwords stored in my Lastpass vault.
I know both the username and rough structure of the URL.
I tried lpass show
But I am unable to decipher the man page to decide what should I type to get the password.
To show the password just run
lpass show YOUR_KEY
If you already know the key name, if not you can combine it using grep to find you secret password name.
Check this tutorial to learn how to use lpass cli
https://yallalabs.com/linux/how-to-install-lastpass-cli-linux.

How can I use a linux system variable in my Jenkinsfile?

I want to use a curl with a username and password that I set in the bashrc. ie:
curl -u $jenkuser:$jenkpass foobar.org
but this isn't working for me. So what is a good way to set secret credentials that I don't want in my repo/Jenkinsfile
Create a Jenkins project with Execute shell build step. In that shell you can run curl command and to set credentials, there is one option named This build is parameterized, where you can create Password Parameter. These parameters can be used in shell with curl command. Here is screenshot of my test project.
This way is secure because password is stored in encrypted format.
.

HTTPie prompts for password

I am using HTTPie to make edgegrid authenticated calls to a set of REST APIs, but httpie always asks for password which hinders my ability to make calls in a shell script. The password is my localhost/system password, which after inputing, the command executes fine.
~/Desktop/DevOps/HTTPie/apiscripts-wip/tech_jam/casemanagement$ ./pull_cases.sh
http: password for techjam#localhost:
Question -> how do avoid this? Is there some issue with my environment set up?
--auth, -a
Pass a username:password pair as the argument. Or, if you only specify a username (-a username), you'll be prompted for the password before the request is sent.
https://httpie.org/doc#authentication
So you just need to update your script to include the password:
http -A edgegrid -a techjam:YOURPASSWORD --timeout=300 ':/case-management/v2/cases?duration=30&type=company-active'
(Btw, you don't need to—and probably don't even want to—change the default options in the config to include --auth-type, etc. The command above contains all those options so you can just rm ~/.httpie/config.json.)

How do I use travis encrypt to encrypt browserstack key?

I am having trouble getting my browserstack credentials to work on Travis. The credentials work locally if I don't encrypt the key and trigger the build from my local by just using environment variables.
I am using travis encrypt, which is instructed here: https://docs.travis-ci.com/user/browserstack/ but I am not sure I am using it correctly and am having difficulty finding documentation on the command.
If my browserstack key is foo, should the command be:
travis encrypt foo
travis encrypt BROWSERSTACK_ACCESS_KEY=foo
travis encrypt BROWSERSTACK_ACCESS_KEY="foo"
or something else? I am using the output of the command and putting it at the end of my .travis.yml like so:
addons:
browserstack:
username: "myusername"
access_key:
secure: "encryptedkey"
But I am consistently getting Browserstack access_key is invalid. in my Travis build.
Since Travis uses bash to evaluate this (iirc) you should use single quotes instead as bash will not expand special characters within single quotes. And you could probably also wrap the whole thing in double quotes for good measure, so this should work:
travis encrypt "BROWSERSTACK_ACCESS_KEY='foo'"
Also, if I understand your use of this secret correctly you should do something like this instead to configure the addon:
secure: "$BROWSERSTACK_ACCESS_KEY"

Execute a sudo command in Ruby on Rails app

I am trying to execute a command like this from a Ruby on Rails app:
sudo service squid3 restart
If i try it with this code:
output = ´sudo service squid3 retsart´
It don't work, in the console i see that linux asks the password.
How can i pass a password with this command? Or other suggestions...
You can add the following line to your sudoers file (/etc/sudoers)
rails_user ALL=(root) NOPASSWD:/usr/sbin/service
This will basically let the rails_user user execute the service command as sudo, and the system won't ask you for a password.
rails_user should be replaced with whatever user that you are running your rails process under. And you should also make sure that
Defaults requiretty
is not present in your /etc/sudoers. If not you won't be able use sudo from a script.
You can try the sudo -S flag if available on you system (check man):
echo secretPasswd | sudo -S service squid3 restart
This means that the password will be in clear so you can add the user which needs to perform the task to the sudoers (which creates another security issue by the way).
Does your sudo have a -A switch?
-A
Normally, if sudo requires a password, it will read it from the current terminal. If the -A (askpass) option is specified, a helper program is executed to read the user's password and output the password to the standard output. If the SUDO_ASKPASS environment variable is set, it specifies the path to the helper program. Otherwise, the value specified by the askpass option in sudoers(5) is used.
I wouldn't recommend having the password available in any way to your web server processes though so you'd want to use the sudoers file.
You can use the expect method to catch the password prompt and send the password. However, it might be a better idea to allow your Rails user access to the service command without a password using the NOPASSWD option in /etc/sudoers.

Resources