LetMePass! - Credential Syncronizer

Since we have begun working as remote developers because of COVID-19, I developed a different way of thinking and time to time questioning myself about the things that I do repetitively. And this blog post is about one of them.

Everyone in the industry uses some type of registry system, like the Docker registry, npm registry, NuGet registry, maybe they are separate, or perhaps they are under an umbrella, like JFrog Artifactory like we use at work.

Recently, I realized that I always have to change/edit NuGet.Config or .npmrc file to keep them updated with the credentials that I got on the LastPass. Personally, I use and prefer 1Password but, LastPass is something that I use only for company-related credentials, anyway. I find myself copy-paste this token/user-name all time, I slightly have an idea about when it expires but, no idea my environment wants me to update them every now and then ツ

So, I came up with the idea that updates my local environment credentials based on the updates on LastPass, when the token rotates there. The mechanism updates my local dev environment.

I created a small Go application for fun, and have been using for a while by myself, and the idea is worth sharing, maybe it can be improved, or there might be people out there who suffer from the same problem, who knows ಠ‿ಠ

Here is the project called LetMePass and the logic is:

We have a YAML configuration file that knows our needs, such as our integration points. What we are connected to, right now it only supports npm and NuGet.

A glance to the YAML file:

username: "user@email.com"
password: "pass"
keyName: "token_key_name_at_the_last_pass"
resources:
  nuget:
    sources:
      - "https://your_artifactory_url/api/nuget/dev-nuget-ci"
      - "https://your_artifactory_url/artifactory/api/nuget/dev-nuget-release"
    projects:
        - /Users/osoykan/Projects/company/project/
  npm:
    registryName: "@company"
    sources:
        - "https://your_artifactory_url/api/npm/dev-npm-release"
    projects:
        - /Users/osoykan/Projects/company/project/src/webapps
  • username is your user name for LastPass, password also.
  • keyName is the Group or Key that holds the information of JSON token in LastPass.
  • resources is an object that knows our npm and NuGet information.
    • You could have multiple NuGet sources that use the same token
    • We can define multiple projects that will have our NuGet configuration. Basically, NuGet.Config gets copied after the main one is updated, which sits under ~/.config/NuGet/NuGet.Config.
    • registryName for scoped npm registry in Artifactory, if you have private company packages under a scope we refer from here.

So, this is the necessary file to configure the application. When you run it, it interacts with NuGet command-line application; that’s why it needs to be installed and in the PATH.

There will be one token that will generate our NuGet and npmrc files, either base64 encoded(for npmrc) or raw.

Here is the visual diagram that explains how it works: flow

While this small app is for fun and very specific to my needs, I hope you also find it useful.

You can find the source code here.

comments powered by Disqus