show secret key (while safecontent = true)

[cloonix]

Hi!

I'm sure someone has asked this before, but I couldn't find it.

I use the configuration option "show.safecontent = true." I've noticed that this option doesn't handle unsafe keys in a secret. I would expect to be able to use "gopass show secret" the same way I could use "gopass show secret key."

Did I miss something?

#> gopass show -u test/website
✔ Copied test/website to clipboard. Will clear in 45 seconds.
Secret: test/website

secret123
key1: test1
key2: test2
key3: test3
unsafe-keys: key2

#> gopass show  test/website
✔ Copied test/website to clipboard. Will clear in 45 seconds.
Secret: test/website

key1: test1
key2: *****
key3: test3
unsafe-keys: key2

#> gopass show  test/website key2
✔ Copied test/website to clipboard. Will clear in 45 seconds.
Secret: test/website
Key: key2

test2

[AnomalRoil]

This looks like expected behavior, you are explicitly asking to display an unsafe key, so we assume that's what you really wanna do.
The idea behind show.safecontent is to prevent accidentally displaying sensitive data onscreen when displaying the whole secret, but not to prevent you from accessing it easily if that's what you want to do.

Just like gopass still displays the password if you're using gopass -o test/website, because -o is explicitly about the secret, it also displays the content of an unsafe key if it's explicitly requested to.

The idea is that the content of an unsafe-key is a secret anyway, and so there would be nothing to display. In order to "only clip" without displaying the secret, one should use gopass -c test/website key2.

We do have an onlyclip option for the otp action, so I guess we could have the same for show, but I find -c to be fine on my side.

[cloonix]

I understand your point. In my case, I sometimes share my screen and have to remember to use the -c option. I would prefer to hide everything by default.

I usually save API secrets as keys.

Thanks for your input. I can live with that.