Commit Diff


commit - bd38331cd80bd0efb64c0262b10a2a2a0780b999
commit + ca70700ed21b39d87999d27df889121d54dfaf35
blob - b4bd84600ca578708a326c130905f4bcf860b1cc
blob + 97ee7d297f1c176c3003c6c17fa32c6fe05c0b01
--- gpm
+++ gpm
@@ -99,26 +99,28 @@ sub prunetree {
 # on the command line.
 sub add {
 	our ($opt_N, $opt_n, $opt_m);
-	my ($r, $sec, $cmd) = (getrecipient(), '', "$gpg -e");
+	my ($r, $sec) = (getrecipient(), '');
 
-	$cmd .= " -r $r" if defined $r;
-
 	getopts('Nnm') or usage();
 	$#ARGV >= 0 or usage();
 
+	my $cmd = $ENV{GPM_ENCCMD} //
+	    "$gpg -e" . (defined $r ? " -r $r" : "") . " --";
+
 	my $outfile = $ARGV[0];
 	ckpath $outfile or die "bad path: $outfile\n";
 
 	-e $outfile and die "$outfile already exists\n";
 
 	if (-t STDIN && !$opt_m) {
+		open TTY, "/dev/tty" || die "couldn't open /dev/tty: $!\n";
 		system "stty -echo";
 
 		print "Secret:";
-		$sec = <STDIN>;
+		$sec = <TTY>;
 		print "\n";
 		print "Repeat:";
-		my $sec2 = <STDIN>;
+		my $sec2 = <TTY>;
 		print "\n";
 		if ($opt_n && !$opt_N) {
 			chomp $sec;
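Review bot: The new `open TTY, "/dev/tty" || die ...` never reports a failed open, because `||` binds to the string "/dev/tty" (always true) rather than to open(). If the open fails, both `<TTY>` reads return undef and the later `$sec ne $sec2` comparison (in the next hunk) does not differ, so add appears to carry on with an empty secret instead of stopping. I would use a checked three-argument open with a lexical handle, `open(my $tty, '<', '/dev/tty') or die "couldn't open /dev/tty: $!\n";`, read with `<$tty>`, and change the `close TTY;` added in the following hunk to `close $tty;`. The body of add continues past the end of this hunk.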
@@ -126,6 +128,7 @@ sub add {
 		}
 
 		system "stty echo";
+		close TTY;
 		die "Sorry\n" if $sec ne $sec2;
 		undef $sec2;
 	} else {
@@ -211,10 +214,18 @@ sub get {
 	my ($Nflag, $nflag) = @_;
 	$#ARGV >= 0 or usage();
 	my $file = $ARGV[0];
+	my $cmd = $ENV{GPM_DECCMD} // "$gpg -d --";
 
 	ckpath $file or die "bad path $file\n";
-	$file = shellquote(cklegacy $file);
-	my $out = `$gpg -d $file`;
+
+	open(my $freader, "<", $file) or die "Can't open < $file: $!";
+	my $pid = open2(my $cmdreader, my $cmdwriter, $cmd);
+	print $cmdwriter $_ while (<$freader>); 
+	close $cmdwriter;
+	close $freader;
+	my $out = '';
+	while (<$cmdreader>) { $out .= $_; }
+	waitpid $pid, 0;
 	$? == 0 or exit 1;
 	chomp($out) if ($nflag && !$Nflag);
 
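Review bot: The copy loop `print $cmdwriter $_ while (<$freader>);` sends the whole file to the child before anything is read from `$cmdreader`, so get can hang once the child's output fills the pipe while the parent is still blocked writing; this is the deadlock the IPC::Open2 documentation warns about. One way to avoid it is to let the child read the file directly by passing a `<&`-prefixed handle as open2's second argument, something like `my $pid = open2(my $cmdreader, '<&' . fileno($freader), $cmd);`, which also removes the unchecked print and close on `$cmdwriter`. The removed line passed the path through `cklegacy` and the new `open` uses `$file` as is, so whatever legacy-name handling that helper did looks to be dropped here; worth confirming that is intended. No `use IPC::Open2;` line is visible in this diff, so I assume it is already imported elsewhere in the file. get's body continues outside the hunk.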
@@ -292,6 +303,7 @@ my $cmd = $ARGV[0];
 shift @ARGV;
 
 $gpg = $opt_g // $ENV{GPM_GPG} // "gpg";
+$gpg = $opt_g // $ENV{GPM_GPG} // "gpg";
 
 my $gpmd = $opt_d // $ENV{GPM_DIR};
 unless (defined $gpmd) {
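Review bot: The added line `$gpg = $opt_g // $ENV{GPM_GPG} // "gpg";` is an exact duplicate of the context line directly above it, so it has no effect and looks like a leftover from a merge or rebase; I would drop it. The gpm.1 part of this commit removes the documentation for `-g` and `GPM_GPG`, yet this assignment still reads both and the defaults for `GPM_ENCCMD` and `GPM_DECCMD` are built from `$gpg`. Either keep the two documented, or add a comment here such as `# -g / GPM_GPG still select the gpg binary used in the default ENCCMD/DECCMD`.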
blob - 6f001fdb83113a3063e773e87187e652e70289f8
blob + c76d3c2a3348814bae7bf9a3eab0a09a73b04e45
--- gpm.1
+++ gpm.1
@@ -17,11 +17,10 @@
 .Os
 .Sh NAME
 .Nm gpm
-.Nd gpg-based secret (or password) manager
+.Nd general secret (or password) manager
 .Sh SYNOPSIS
 .Nm
 .Op Fl d Ar dir
-.Op Fl g Ar command
 .Ar command
 .Op Ar arg ...
 .Sh DESCRIPTION
@@ -29,7 +28,9 @@ The utility
 .Nm
 is a secret manager.
 Secrets are stored in a directory tree as files, encrypted with
-.Xr gpg 1 .
+.Xr gpg 1
+or a custom command (see
+.Sx ENVIRONMENT ) .
 .Nm
 provides several commands for manipulating secrets.
 Commands may be specified by their shortest unique prefix (all characters
@@ -41,12 +42,6 @@ Commands may be preceeded by global options as follows
 The directory to store and retrieve secrets from.
 Overrides
 .Ev GPM_DIR .
-.It Fl g Ar command
-The
-.Xr gpg 1
-command.
-Overrides
-.Ev GPM_GPG .
 .El
 .Pp
 The
@@ -188,9 +183,14 @@ automatically, before any options specified on the com
 .El
 .Sh ENVIRONMENT
 .Bl -tag -width XDG_DATA_HOME
-.It Ev GPM_GPG
-Shell command to invoke
-.Xr gpg 1 .
+.It Ev GPM_ENCCMD
+Command used for encryption.
+.Dq gpg -e \-\-
+if not set.
+.It Ev GPM_DECCMD
+Command used for decryption.
+.Dq gpg -d \-\-
+if not set.
 .It Ev GPM_DIR
 Directory in which the secrets are stored.
 .It Ev XDG_DATA_HOME