Retrieve stored credentials securely
gopassskillsetup L1★0
vanducng/skills ↗What it does
Retrieve and manage credentials (API keys, tokens, passwords) from local GPG-encrypted password store
Best for
Scripts that need production secrets without exposing plaintext in env files or shell history.
Inputs
- · Secret path (e.g., personal/ai/openai)
- · [--nosync] flag
Outputs
- · Decrypted secret value
- · Single field extracted (if multi-line secret)
Requires
- · gopass CLI
- · GPG key ring
- · git (for store sync)
Preconditions
gopass initialized; GPG key imported on this machine; password store repo cloned
Failure modes
- · GPG agent stuck → Decryption failed; requires gpgconf --kill gpg-agent restart
- · Wrong path queried → entry not found; use gopass find to discover
- · No TTY → ioctl error; must run from interactive terminal, not pipe
Trust signals
- · Prevents accidental secret leaks via -o (password only) and no stdout/log rules
- · Multi-line secrets support key:value pairs; gopass show <path> <key> extracts field
- · TOTP/OTP built-in: gopass otp <path> for time-based one-time passwords