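#!/bin/bash
#
# pass-duplicates: report password-store entries that share the same password.
#
# Every entry listed by `pass names -l` is decrypted with `pass show`, and the
# first line of each entry is compared through a SHA-1 digest held in an
# in-memory associative array. The digest is only an equality key: neither the
# decrypted line nor the digest is printed or written to disk.
#
# Do not run this script with xtrace (`bash -x` / `set -x`): the decrypted
# first line is held in a shell variable and would appear in the trace.
#
# Outputs: groups of entry names sharing a password, then a summary (stdout);
#          progress notice and per-entry warnings (stderr).
# Returns: 1 if the entry list cannot be obtained or hashing fails.

# Let a failing sha1sum/cut stage fail the whole hashing pipeline.
set -o pipefail

declare -A dupe_tally=() dupe_map=()
declare -a entry_names=()

pass_names="$(pass names -l)" || exit 1

# IFS= and -r keep entry names byte-exact (no backslash processing, no
# whitespace trimming). Blank lines are dropped so that an empty store counts
# as zero entries instead of one entry with an empty name.
while IFS= read -r pass_name; do
  if [[ -n "$pass_name" ]]; then
    entry_names+=("$pass_name")
  fi
done <<<"$pass_names"
pass_count=${#entry_names[@]}

if (( pass_count > 10 )); then
  cat <<EOF >&2
pass-duplicates needs to decrypt all your passwords one-by-one to cross-match
them. This is all done in-memory, and nothing is saved to disk.

You appear to have $pass_count passwords, so this may take some time...
EOF
fi

skipped=0
# Iterating the array (rather than reading names from stdin inside the loop)
# leaves the script's stdin untouched for pass and whatever it spawns.
for pass_name in "${entry_names[@]}"; do
  # A failed decryption must not be hashed: every failure would otherwise
  # produce the digest of empty input and be reported as one shared password.
  if ! secret="$(pass show "$pass_name")"; then
    printf 'warning: could not decrypt "%s"; skipping\n' "$pass_name" >&2
    skipped=$(( skipped + 1 ))
    continue
  fi

  # Only the first line is compared; drop the rest of the entry right away.
  first_line="${secret%%$'\n'*}"
  unset secret

  if [[ -z "$first_line" ]]; then
    printf 'warning: "%s" has an empty first line; skipping\n' "$pass_name" >&2
    skipped=$(( skipped + 1 ))
    continue
  fi

  # printf is a shell builtin, so the plaintext travels over a pipe and never
  # shows up as a process argument.
  if ! hash="$(printf '%s\n' "$first_line" | sha1sum | cut -c1-40)" ||
    [[ ${#hash} -ne 40 ]]; then
    unset first_line
    printf 'error: could not hash the password of "%s"\n' "$pass_name" >&2
    exit 1
  fi
  # Best effort only: unset drops the variable, it does not scrub memory.
  unset first_line

  dupe_map["$pass_name"]="$hash"
  dupe_tally["$hash"]=$(( ${dupe_tally["$hash"]:-0} + 1 ))
done

unique_duplicates=0
total_shared=0

for tally_key in "${!dupe_tally[@]}"; do
  if (( dupe_tally["$tally_key"] <= 1 )); then
    continue
  fi
  unique_duplicates=$(( unique_duplicates + 1 ))

  echo "same password:"
  for pass_name in "${!dupe_map[@]}"; do
    if [[ "${dupe_map["$pass_name"]}" != "$tally_key" ]]; then
      continue
    fi
    printf -- '- %s\n' "$pass_name"
    total_shared=$(( total_shared + 1 ))
  done
  echo
done

echo "summary:"
if (( unique_duplicates == 0 )); then
  echo "- no duplicates"
else
  cat <<EOF
- found $unique_duplicates password(s) that were used more than once
- you should change all $total_shared passwords listed above
EOF
fi

# Keep the result honest: skipped entries were never compared.
if (( skipped > 0 )); then
  printf -- '- %d entries could not be checked (see warnings above)\n' \
    "$skipped" >&2
fi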