from the team:
Hey everyone,
For all of those technical users who love scripting and automating tasks and need direct access to Proton Pass from the terminal, we’ve just released CLI support.
This is built as a fast, secure, and automation-friendly way to access and manage Proton Pass items directly from the terminal.
The feature is available in beta for paid Proton Visionary users, with broader general availability coming soon (Pass Plus, Family, Unlimited, Professional, B2B bundles).
It will:
- Enable scripting, both for personal scripts and for user management in enterprise setups
- Provide secure credential access directly in the terminal
- Allow users to create, read, update, and delete vaults and items
- Let users view, retrieve, create, update, and delete passwords, secure notes, credit cards, identities, WiFi entries, custom items, and stored SSH-key items
- Support vault member management
- Work in CI/CD, servers, containers, and headless environments via app-password authentication
- Enable simple scripted workflows and task automation
Stay in the flow and stay secure with Proton Pass CLI.
Read more: https://proton.me/blog/proton-pass-cli
90% of the time, that’s a valid concern, but you can always read the script first.
And also, if proton wanted to fuck you over, a malicious bash script isnt even a top 10 easy vector. Why trust them with encrypted email if you are suspicious of an install script?
It would be a best practice to read any script you want to run on your system. Although the installation instructions tell you to just pipe it into bash.
My concern is not so much proton fucking you over. There are pleny of attack surfaces between you and the server you’re downloading it from.
Installing software on your system usually lets you check a gpg signature or a hash if you’re downloading a binary. This method provides no such thing.
A company concerned with security and encryption should know better.