Unlock the Bitwarden vault with the given master password.
Passes the password via env var to avoid exposure in ps output.
Returns the session token on success.

Clean up retry markers after a successful connection. ProxyJump connections
create one marker per hop and the parent process only knows the final
target alias, so we clear every ~/.purple/.askpass_* file on success.
Each marker has a 60s expiry; this just keeps rapid reconnects snappy and
prevents a stranded bastion marker from blocking the next attempt.

Handle an SSH_ASKPASS invocation. Called when purple is invoked as an askpass program.
Reads the password source from the host’s # purple:askpass comment and retrieves it.

Log in to Proton Pass with a Personal Access Token.
PAT is supplied via the PROTON_PASS_PERSONAL_ACCESS_TOKEN env var so it
never appears in argv. Returns an error wrapping pass-cli’s stderr on
non-zero exit so the prompt loop can surface it.

Check whether pass-cli is installed and the user is logged in. Uses
pass-cli test (not pass-cli info) because in pass-cli 2.x the info
subcommand exits 0 even without a session and only reports the error on
stderr; test is the subcommand that actually exits non-zero when
authentication is missing.
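
An added example (not purple's own code) of the pattern the Bitwarden and Proton Pass entries above describe: the secret goes into the child's environment rather than argv, a non-zero exit becomes an error wrapping stderr, and the login probe trusts only the exit status. The function names, the DEMO_SECRET variable and the `sh -c` stand-ins for the password-manager CLI are assumptions.

```rust
use std::process::{Command, Stdio};

/// Hypothetical helper: pass `secret` to `program` through the child's environment
/// (never argv). Returns trimmed stdout on exit 0, else an error wrapping stderr.
pub fn run_with_secret_env(
    program: &str,
    args: &[&str],
    env_name: &str,
    secret: &str,
) -> Result<String, String> {
    let output = Command::new(program)
        .args(args)
        .env(env_name, secret) // set on the child only, not on this process
        .stdin(Stdio::null()) // fail instead of hanging on an interactive prompt
        .output()
        .map_err(|e| format!("failed to run {}: {}", program, e))?;
    if !output.status.success() {
        let stderr = String::from_utf8_lossy(&output.stderr);
        return Err(format!("{} failed ({}): {}", program, output.status, stderr.trim()));
    }
    let token = String::from_utf8_lossy(&output.stdout).trim().to_string();
    if token.is_empty() {
        return Err(format!("{} exited 0 but printed no token", program));
    }
    Ok(token)
}

/// Hypothetical login probe: only the exit status counts, stderr text is ignored.
pub fn exits_zero(program: &str, args: &[&str]) -> bool {
    Command::new(program)
        .args(args)
        .stdin(Stdio::null())
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .status()
        .map(|s| s.success())
        .unwrap_or(false)
}

fn main() {
    // Constructed stand-ins: `sh -c` plays the password-manager CLI.
    let ok = run_with_secret_env("sh", &["-c", "echo \"tok-${#DEMO_SECRET}\""], "DEMO_SECRET", "hunter2");
    println!("{:?}", ok);
    let bad = run_with_secret_env("sh", &["-c", "echo 'bad password' >&2; exit 3"], "DEMO_SECRET", "x");
    println!("{:?}", bad);
    // An `info`-style command that complains on stderr but exits 0 still passes.
    println!("{}", exits_zero("sh", &["-c", "echo 'no session' >&2"]));
    println!("{}", exits_zero("sh", &["-c", "exit 1"]));
}
```

Environment variables stay readable by the same user (for example through /proc/<pid>/environ on Linux), so this closes the argv exposure only.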