Securely Backup Text Files with LastPass CLI
The easiest and most convenient way to securely backup files using the command line is with the
aws s3 docs).
S3 buckets support versioning and default encryption
(which causes uploaded files to be encrypted at rest).
If you’re already managing your passwords with LastPass, you have another option for securely
backing up misfit text files.
LastPass users who typically interact with their vault via a browser plugin may be surprised to learn
of an official command line utility called
lpass that provides access to secure items.
See the man page for subcommands and details.
lpass, a text file (or any content piped from stdin) can be stored as a LastPass secure note.
As with S3, LastPass secure notes are versioned and can be selectively shared.
Run the following command to start the agent. You will be prompted for your LastPass password.
lpass login YOUR_LASTPASS_USERNAME
This authentication scheme fits nicely into a developer workflow but is less well suited to fully automated tasks. The AWS CLI loads credentials from a predefined file which is more convenient for automation. Check out Vault by HashiCorp if you have more elaborate requirements for managing secrets and don’t mind running a standalone server instance.
Backup a File as a Secure Note
Run the following command to create or update a secure note named yoursite.com/config.json using the contents of config.json.
cat config.json | lpass edit --notes --non-interactive yoursite.com/config.json && \ lpass sync
I recommend adding the command to a Makefile or similar.
Duplicate the first line for additional files (
lpass sync only has to run once at the end).
LastPass expects note contents to be plain text and I don’t see a way to add attachments from the command line. It might be possible to use base64 encoded binary data but not very much of it. According to LastPass Support:
You can enter up to 45,000 characters in a secure note.
Restore a File from a Secure Note
Run the following command to write the contents of the secure note named yoursite.com/config.json to config.json.
lpass show --notes yoursite.com/config.json > config.json
Comments are closed for this post.