jeet

Trash Workflow

 

This should do what you want, except I chose 'trash' as my keyword instead of 'delete'. Hope this helps

you are awesome. this is exactly what I was looking for.   thank you so much!

Well first off, the workflow doesn't do anything stupid like store your passwords.

 

Fundamentally, to use any encrypted data, it first needs to be decrypted.

 

With any password manager, when your encrypted store is unlocked, either the master password/decryption key or the decrypted passwords are now in memory.

 

I don't know exactly how the LastPass CLI program works, or how it differs from the browser-based applications, but your data is fundamentally at risk whenever the password store is accessible (i.e. unlocked). Personally, I'd be more inclined to trust software that isn't directly connected to the browser I'm entering the password in: it insulates your sensitive data better from bugs in the browser or extension.

 

To maximise security, you want the password store to be automatically locked after use. The shorter the time it remains unlocked, the better.

 

In that regard, disabling the agent timeout is not a great idea, but it's no worse than setting the browser extension to never time out.

 

Ultimately, it's always a compromise between security and convenience. If you're happy to enter your master password every time you need a site password, then that will minimise the possibility of your passwords being pilfered from your machine by malware. On the other hand, if you leave your password store unlocked whenever the app is running, that makes it more tolerable to use a longer, stronger master password, which makes the encrypted data stored in the cloud more secure.

Thank you for giving insights. This helped me in understanding it little more. 

i am not a technical person and don't know anything about capture:tiny, homebrew etc. But I have installed everything and i am on the stage of logging in pinentry    

 /usr/local/bin/lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME

i am hesitant to ask, and you can laugh or beat me to death but I have gathered strength to ask this :

is there a risk of my master password or site passwords getting compromised this way? There is a lot going on in CLI and i don't know what all code my MasterPassword would go through and which host/domain these scripts might connect from background. I appreciate this fantastic workflow and don't doubt you at all. its just that i want to know the background work these scripts would do. 

Apologies if i offended you or anybody.

Regards,

Jay

i am not a technical person and don't know anything about capture:tiny, homebrew etc. But I have installed everything and i am on the stage of logging in pinentry  

 /usr/local/bin/lpass login [--trust] [--plaintext-key [--force, -f]] USERNAME

i am hesitant to ask, and you can laugh or beat me to death but I have gathered strength to ask this :

is there a risk of my master password getting compromised this way? There is a lot going on in CLI and i don't know what all code my MasterPassword would go through and which host/domain these scripts might connect from background. I appreciate this fantastic workflow and don't doubt you at all. its just that i want to know the background work these scripts would do. 

Apologies if i offended you or anybody.

Regards,

Jay

It will be great if we could delete a file by simply saying "delete <filename>". I searched everywhere but there is no such workflow in alfred, launchbar or quicksilver.

I know there is an operations menu which we can access by option+command+\ but thats a cumbersome process. as a CLI fan i like typing a command and be done with it. 

"delete <filename>" can suggest multiple files if they start with same name. then with up/down arrow key we can select the file. this will fill the text box with the filename which we intend to delete like "delete text.Docx" . simply press enter and move it to trash.