A small, focused release that adds a line selector for picking a single line out of a multiline secret — most useful for the pass convention of storing the password on line 1 and metadata (username, URL, etc.) on subsequent lines.
Added
Line selector for multiline secrets (#446) -- @fgrosse
Secrets now accept a 1-indexed line field that returns just the Nth line of the resolved value. This matches the pass show <entry> --clip=N convention and lets you expose multiple fields from a single pass entry as separate secrets:
[providers.pass]
type = "password-store"
prefix = "fnox/"
[secrets]
# `pass show fnox/database` returns:
# <password>
# <username>
DB_PASSWORD = { provider = "pass", value = "database", line = 1 }
DB_USERNAME = { provider = "pass", value = "database", line = 2 }Details worth knowing:
lineis mutually exclusive withjson_path; using both on the same secret is an error.- Line splitting uses
str::lines(), so\r\nendings are handled cleanly and a single trailing newline doesn't shift indices. line = 0and out-of-range values produce clear error messages (e.g.`line = 5` is out of range; secret has 2 line(s)).- Post-processing applies uniformly to provider, default, and env-var sources.
fnox syncandfnox reencryptcache the raw provider value, not the post-processed view, so the selector stays a read-only projection.fnox setstill overwrites the entire entry —lineis read-only. Edit individual lines of an existing entry withpass edit <entry>.
See the password-store provider docs for a full walkthrough.
New Contributors
Full Changelog: v1.22.0...v1.23.0
💚 Sponsor fnox
fnox is maintained by @jdx under en.dev — a small independent studio building developer tooling like mise, aube, hk, and more. Keeping fnox secure, maintained, and free is funded by sponsors.
If fnox is handling secrets or config for you or your team, please consider sponsoring at en.dev. Sponsorships are what let fnox stay independent and the project keep moving.