#password-manager #secure-password #pass #mozilla

app pass-fxa

Upload a password-store to Firefox Accounts

6 releases (3 breaking)

0.4.1 Feb 14, 2023
0.4.0 Nov 8, 2022
0.3.0 Aug 6, 2021
0.2.1 Aug 6, 2021
0.1.0 Aug 5, 2021

#1594 in Command line utilities

GPL-3.0-or-later

63KB
1K SLoC

pass-fxa

Crates.io Crates.io

A program that uses Firefox's builtin password manager with zx2c4's pass.

It is meant to be used instead of other traditional browser extensions such as passff and Browserpass with the following benefits:

  • More portable: there is no need to install native messaging host
  • Potentially more secure by reducing some of the attack surface:
  • The native browser UI is better (anecdotal evidence)

Installation

Using pre-built binaries from the CI

Linux, macOS and Windows binaries are available on the release page. These binaries are built by GitHub Actions CI.

Using cargo install

From crates.io

cargo install pass-fxa

From git

cargo install --git https://github.com/NilsIrl/pass-fxa.git

Usage

Just run pass-fxa. That's it!

pass-fxa will attempt to find your firefox credentials by looking for a password for which the URL is firefox.com. It will use these credentials to then upload your passwords to your Firefox Account (passwords are E2E encrypted).

If multiple records are available, it is possible to specify which to use:

pass-fxa --pass-name firefox.com/example@riseup.net

It is also possible to remove passwords from FxA if they are in your password store, effectively reverting the uploading operation:

pass-fxa [--pass-name <pass-name>] delete

Store format

The URL & username can be obtained in 2 different ways:

  1. As fields in each file login, username, user for the username and url, uri, website, site, link and launch for the URL.
  2. From the filepath, with the containing folder being the domain and the filename the username

For example the following store define logins with username:

  • example@riseup.net for github.com
  • example for riseup.net
  • robert for yahoo.com
github.com
  example@riseup.net
email
  riseup.net
    example
  yahoo.com
    robert

Records can be explicitly excluded from being uploaded by adding the line fxa: exclude to a password file. It is also possible to only upload some passwords by adding the line fxa: include. Passwords that have as host firefox.com are excluded by default.

pass-fxa is licensed under the GNU GENERAL PUBLIC LICENSE Version 3 and the underlying library for communication with FxA, pass-fxa-lib, is licensed under the GNU LESSER GENERAL PUBLIC LICENSE Version 3.

Copyright © 2021-2023 Nils André-Chang

Dependencies

~16–32MB
~521K SLoC