feat templater: Add 'pass' lookup function

This introduces support for looking up secret values in the 'pass' command line
tool (https://www.passwordstore.org/).

Values like passwords can be interpolated from pass and even more complex
structures like certificates for Kubernetes Secrets can be retrieved and base64-
encoded as necessary.

Fixes #2

2 files changed, 33 insertions, 0 deletions

diff --git a/templater/pass.go b/templater/pass.go
new file mode 100644
index 000000000000..f1dc82986174
--- /dev/null
+++ b/templater/pass.go
@@ -0,0 +1,32 @@
+// This file contains the implementation of a template function for retrieving variables from 'pass', the standard UNIX
+// password manager.
+package templater
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+
+	"github.com/polydawn/meep"
+)
+
+type PassError struct {
+	meep.TraitAutodescribing
+	meep.TraitCausable
+	Output string
+}
+
+func GetFromPass(key string) (string, error) {
+	fmt.Fprintf(os.Stderr, "Attempting to look up %s in pass\n", key)
+	pass := exec.Command("pass", "show", key)
+
+	output, err := pass.CombinedOutput()
+	if err != nil {
+		return "", meep.New(
+			&PassError{Output: string(output)},
+			meep.Cause(err),
+		)
+	}
+
+	return string(output), nil
+}
diff --git a/templater/templater.go b/templater/templater.go
index fc7433ff10e3..5e38ddf893d0 100644
--- a/templater/templater.go
+++ b/templater/templater.go
@@ -158,6 +158,7 @@ func templateFuncs() template.FuncMap {
 		b, _ := json.Marshal(data)
 		return string(b)
 	}
+	m["passLookup"] = GetFromPass
 
 	return m
 }