Add an 'eval_password' option

to read the password from a secrets store

2 files changed, 11 insertions, 1 deletions

diff --git a/src/config.py b/src/config.py
index 6f9ef20b..e8e3269a 100644
--- a/src/config.py
+++ b/src/config.py
@@ -58,6 +58,7 @@ DEFAULT_CONFIG = {
         'enable_user_tune': True,
         'enable_vertical_tab_list': False,
         'enable_xhtml_im': True,
+        'eval_password': '',
         'exec_remote': False,
         'extract_inline_images': True,
         'filter_info_messages': '',
diff --git a/src/connection.py b/src/connection.py
index cd2ccedd..b6d44590 100644
--- a/src/connection.py
+++ b/src/connection.py
@@ -14,6 +14,8 @@ log = logging.getLogger(__name__)
 
 
 import getpass
+import subprocess
+
 import slixmpp
 from slixmpp.plugins.xep_0184 import XEP_0184
 
@@ -43,8 +45,15 @@ class Connection(slixmpp.ClientXMPP):
             if resource:
                 jid = '%s/%s'% (jid, resource)
             password = config.get('password')
-            if not password and not (keyfile and certfile):
+            eval_password = config.get('eval_password')
+            if not password and not eval_password and not (keyfile and certfile):
                 password = getpass.getpass()
+            elif not password and not (keyfile and certfile):
+                print("No password or certificates provided, using the eval_password command.")
+                process = subprocess.Popen(['sh', '-c', eval_password], stdin=subprocess.PIPE,
+                                                        stdout=subprocess.PIPE, close_fds=True)
+                process.wait()
+                password = process.stdout.readline().decode('utf-8').strip('\n')
         else: # anonymous auth
             self.anon = True
             jid = config.get('server')