from the team:
Hey everyone,
For all of those technical users who love scripting and automating tasks and need direct access to Proton Pass from the terminal, we’ve just released CLI support.
This is built as a fast, secure, and automation-friendly way to access and manage Proton Pass items directly from the terminal.
The feature is available in beta for paid Proton Visionary users, with broader general availability coming soon (Pass Plus, Family, Unlimited, Professional, B2B bundles).
It will:
- Enable scripting, both for personal scripts and for user management in enterprise setups
- Provide secure credential access directly in the terminal
- Allow users to create, read, update, and delete vaults and items
- Let users view, retrieve, create, update, and delete passwords, secure notes, credit cards, identities, WiFi entries, custom items, and stored SSH-key items
- Support vault member management
- Work in CI/CD, servers, containers, and headless environments via app-password authentication
- Enable simple scripted workflows and task automation
Stay in the flow and stay secure with Proton Pass CLI.
Read more: https://proton.me/blog/proton-pass-cli
Thanks for your work! I have a question though. I just installed it and signed in and it authenticated via a browser link. That works for SSHing from a desktop, but the page mentions it being good “In environments where the graphical UI cannot be used”. Is it planned to allow for entering a password and 2FA code when where there truly is no GUI available?
Configurable domain matching please.
I just use Rust Bitwarden(rbw) its works pretty well & I can host my on thing.
Nothing as secure as piping a url to a script into bash. /s
90% of the time, that’s a valid concern, but you can always read the script first.
And also, if proton wanted to fuck you over, a malicious bash script isnt even a top 10 easy vector. Why trust them with encrypted email if you are suspicious of an install script?
90% of the time, that’s a valid concern, but you can always read the script first.
It would be a best practice to read any script you want to run on your system. Although the installation instructions tell you to just pipe it into bash.
And also, if proton wanted to fuck you over, a malicious bash script isnt even a top 10 easy vector. Why trust them with encrypted email if you are suspicious of an install script?
My concern is not so much proton fucking you over. There are pleny of attack surfaces between you and the server you’re downloading it from.
Installing software on your system usually lets you check a gpg signature or a hash if you’re downloading a binary. This method provides no such thing.
A company concerned with security and encryption should know better.
So we get this before a proton drive client for Linux…
Or the VPN client being anywhere near passable… ffs proton
Why VPN client for linux? Wireguard configs can be made in browser gui and easy to deploy
A: I am lazy B: I am extremely lazy
Entirely different teams.
Getting quick access to autofill 1Password items in Alfred via the 1P CLI was one of the last feature parity nice-to-haves remaining to fully switch to Proton Pass. Great to see progress here.
Visionary customer here. This will get used absolutely immediately. Awesome features!
