Expose secret in a virtual filesystem

[mcanevet]

It would be nice to have some kind of virtual filesystem to transparently expose secrets as files (maybe using Fuse).
A lot of applications can take their passphrase to unlock internal secret manager from a file. It would be nice to keep it stored in a gopass store and not have to unseal it in a file on the real filesystem.

[dominikschulz]

How do you want to protect this virtual filesystem against unauthorised access?
I think having "random" passphrase prompts pop up when an application in the background accesses your FUSE store might be prone to abuse.

[martinhoefling]

One solution to your problem if injecting environment variables containing secrets are an option is summon. See https://www.schwabenlan.de/en/post/2018/01/combining-gopass-and-summon/ and https://github.com/gopasspw/gopass/blob/master/docs/summon-provider.md

[mcanevet]

@martinhoefling great solution, I didn't know summon. This looks nice. I'll have a look at it. Thanks a lot.