A partial drop-in replacement for pass and pass-otp written in POSIX shell.
git clone
Log | Files | Refs | README | LICENSE

commit 682ad5b6fa6177f2e8c51a7c7e3f8dc85c1b64b9
parent bb46db8a9144e6e2231fc122476139c0640f486a
Author: St John Karp <>
Date:   Tue, 31 May 2022 09:13:45 -0400

Remove the temporary file regardless of whether the gpg command fails

Previously the temp file could have been left in place if the gpg
command failed for some reason. Now, if it exists, it should always
get cleaned up.

There remains one scenario where it might be left dangling, and
that's if the whole balrog process gets killed. I'm not sure what
to do about that scenario. I could spawn a cleanup process that
would delete the file after balrog exits, but you could still just
hard power off the computer and be left with a dangling file. My
current thinking is just to leave it for the time being --- it's
in the user's home folder, so it's not readable by any other users,
and it'll get overwritten next time balrog is invoked.

Mbalrog | 11++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/balrog b/balrog @@ -78,9 +78,14 @@ while [ -n "$ACTION" ] ; do "${EDITOR:-vi}" "$TMP_FILE" [ -f "$TMP_FILE" ] && - gpg2 --quiet --yes --encrypt --default-recipient-self --output "$KEY_FILE" "$TMP_FILE" 2> /dev/null && - rm "$TMP_FILE" || - echo "No changes..." + ( + gpg2 --quiet --yes --encrypt \ + --default-recipient-self \ + --output "$KEY_FILE" "$TMP_FILE" \ + 2> /dev/null || + echo "No changes..." ; + rm "$TMP_FILE" + ) ACTION='' ;;