ALL NPPS Members

[Brett Viren <bv AT bnl.gov>]

Nice, Shuwei.

pass is pretty flexible in part because it does not dictate a format for
its encrypted records so we can build ideas on top of it.

I "wrote" (LLM-assisted) a little tool called "passdb" that turns pass
entries into something more rich.  It does dictate a format, which is
one people tend to already use.  In exchange it adds some templated
formatting and processing that lets it, for example, emit shell
environment variable settings that may include the "secret" or other
fields in the record.

The motivation for this tool was that I'm dealing with an ever growing
set of APIs for LLM usage that require a variety of ways to specify API
keys and I don't want ever let API keys land in a repo.

Code and some examples are here:

  https://github.com/brettviren/passdb

Keep the hacks coming! :)

-Brett.

"Ye, Shuwei" <yesw AT bnl.gov> writes:

> Dear all,
> Inspired by Bret's idea of generating OTPs in the command line, I've 
> developed a tool to automate SSH
> and SCP access to CERN lxplus using OTP and Kerberos. Once set up, you can 
> simply run ssh-lxplus to
> connect without the need to manually copy and paste your 2FA code, while 
> seamlessly utilizing your
> existing Kerberos token for CERN.CH.
> You can find the relevant scripts in the repository here:
> https://github.com/yesw2000/modern-linuxtools/tree/master/ssh-cern/
> Setup for Mac: To install the OTP prerequisites and initialize 2FA, 
> download and run the following script:
> bash
> $ wget 
> https://raw.githubusercontent.com/yesw2000/modern-linuxtools/refs/heads/master/ssh-cern/Install-OTP_tools-Mac.sh
> $ bash Install-OTP_tools-Mac.sh
> Usage: After setup, download the ssh-lxplus (for SSH connections) and 
> scp-lxplus (for file transfers)
> scripts:
> bash
> $ wget 
> https://raw.githubusercontent.com/yesw2000/modern-linuxtools/refs/heads/master/ssh-cern/ssh-lxplus
> $ chmod +x ssh-lxplus
> $ ./ssh-lxplus
> Note: The scripts will ask for your CERN username on the first run and will 
> automatically update themselves to
> save it for future use.
> You can find more details in the documentation here:
> https://github.com/yesw2000/modern-linuxtools?tab=readme-ov-file#-cern-sshscp-with-automatic-2fa
> Cheers,
> --Shuwei
>
> ---------------------------------------------------------------------------------------
> From: Viren, Brett
> Sent: Thursday, February 5, 2026 12:24 PM
> To: Ye, Shuwei
> Cc: NPPS members
> Subject: Re: [[Phys-npps-members-l] ] Browser-based OTP authenticator for 
> all OS 
>
> "Ye, Shuwei" <yesw AT bnl.gov> writes:
>
>> Zhaoyu asked about OTP alternatives to phone apps.
>
> An alternative for anyone like me that lives in the command line:
>
>   $ pass otp com/github/me/totp | xclip
>
>   *paste*
>
> Ingredients:
>
> - https://www.passwordstore.org/
> - https://github.com/tadfisher/pass-otp
>
> -Brett.

Attachment: signature.asc
Description: PGP signature