Hi @DutchPete,

espanso has a few default locations for the configuration files, but they are not changeable at the moment. Where would you like to put them?

Consider also that espanso is not meant for confidential information and thus it should be used with care.

If you give me a bit more detail on how you would use espanso I could help you better.

Thanks

@federico-terzi : why is espanso not meant for confidential info? By "confidential" I mean passwords. I use a password manager that I have been using for years: Keepass, or KeepassXC. But its Autotype feature works less well on the Mac. That's why I would like to use Espanso for a small number of passwords.

I would like to put the default.yaml file on my VeraCrypt drive.

@federico-terzi : why is espanso not meant for confidential info? By "confidential" I mean passwords. I use a password manager that I have been using for years: Keepass, or KeepassXC. But its Autotype feature works less well on the Mac. That's why I would like to use Espanso for a small number of passwords.

All right, this seems like a reasonable use case. That said, if you want to use espanso on password text fields on macOS it could be problematic, as the OS blocks all applications from working with password fields. Have you tried to use espanso in one of those fields? Let me know if it work

I would like to put the default.yaml file on my VeraCrypt drive.

This could definitely be possible, I'll change the name of the issue to reflect this proposal.

Thanks for your help

My 2 cents here (for the password related part):

espanso is providing shell triggers. From my point of view the best way to get passwords from KeepPass is using one of the shell triggers and the command line options from KeePass (see https://keepass.info/help/base/cmdline.html). There is also an alternate solution called kpcli (http://kpcli.sourceforge.net).

It's not required to store the password for KeePass itself in the text files since you can get the same from the MacOS keychain (take a look at this examples: https://www.netmeister.org/blog/keychain-passwords.html).

A combination of those solution will sort out the problems with "secure notes". Another alternative could be to store the data encrypted via GPG and get the values via GPG itself.

This use case is also valid for all password managers like e.g. LastPass and 1Password.

@timorunge proposed a great solution for your problem @DutchPete, I'd definitely go with that one for securely handling passwords through espanso.

That said, I'm planning to include an option to load an external configuration from another location, as I think it can solve also other use cases.

Thanks for your feedback!

@federico-terzi : I am actually not using KeePass but KeepassXC because the former works best on Windows, but not very well on Linux and macOS, whereas the latter works better there. So, the proposal from @timorunge may well be good for Keepass, I don't know if it will work for KeepassXC.

I, and maybe others with me, would appreciate the ability to have the config file in a location of my choice, just like one has the choice where to put personal files and folders.

BTW, thanks for a great text expander !!

All right, this seems like a reasonable use case. That said, if you want to use espanso on password text fields on macOS it could be problematic, as the OS blocks all applications from working with password fields. Have you tried to use espanso in one of those fields? Let me know if it work

It does work on some, e.g. on KeepassXC itself, and on the Disqus login page, but not on others, e.g. SpiderOak.

I would like to put the default.yaml file on my VeraCrypt drive.

This could definitely be possible, I'll change the name of the issue to reflect this proposal.

That would be great !!

@federico-terzi : I have another question about this. Suppose I encrypt the default.yml file when I shutdown my computer; when I boot up again Espanso will fail because it won't find the file, but I can then decrypt the file and restart Espanso.

That way, if ever I have to give my computer for repair (god forbid !!), any passwords I have in Espanso will not be automatically exposed. What do you think Federico?

@federico-terzi : I have another question about this. Suppose I encrypt the default.yml file when I shutdown my computer; when I boot up again Espanso will fail because it won't find the file, but I can then decrypt the file and restart Espanso.

That way, if ever I have to give my computer for repair (god forbid !!), any passwords I have in Espanso will not be automatically exposed. What do you think Federico?

I'm still convinced that using a proper password manager would be the best solution. That said, your solution should work :)

@federico-terzi : I fully agree with you, a password manager is best, which is why I use KeepassXC. I have 1 particular situation where it is not practical, hence that 1 particular password in Espanso.

I will give the default.yml encryption a try, and if it works use it till Espanso allows the user to determine the location for the config file ;-) Thanks for your advice.

@federico-terzi : just to complete the discussion, I have found a much simpler way. At then end of each day I will transfer the default.yml file to a location on my VeraCrypt drive, which is encrypted when my computer is shutdown.

In the morning, after boot up, I will exit Espanso, transfer default.yml back to its normal location, and restart Espanso. A smart scripter could automate this.

OK Federico, we can leave it at this, just thought I'd let you know, and possibly others who might be interested. Ciao.

I've been thinking about your problem for a while. Maybe you could even make this work with a symbolic link located in the espanso config directory that points to your desired configuration.

@federico-terzi : the thought flashed through my mind when I 1st started to think about it but I let it go because I thought it was pie in the sky. 1 second and it was gone.

I must say that sounds very interesting now that you have mentioned it. All I would have to do after booting my computer is exit Espanso and restart it. Done :-)

And you would not have to change anything in Espanso to allow a different config location.

I am not much of a coding expert, or any sort of computer expert. Could you tell me what syntax I would have to add to default.yml that points to the other location where the real default.yml would be located?

@DutchPete: Take a look at: https://kb.iu.edu/d/abbe

In fact, if your VeraCrypt drive is mounted before espanso is starting you don't even have to restart espanso.

@timorunge : no, my VC drive is not mounted before Espanso starts. Espanso starts when the computer gets booted. Only when the boot process is complete can I mount the VC drive.

The link you provided is useful, it seems simple to create a symbolic link. The syntax that's mentioned is
ln -s source_file myfile

What surprises me is that the paths to source file and target file are not mentioned. If that is not necessary, would you know how to actually implement this?

The way I understand it is as follows. The default.yml file with all my snippets is currently in /Library/Preferences/espanso. The file could be moved to my VC drive. Then, to create that symbolic link I could execute the ln -s source_file myfile command. But in that command there is no path indicating the source file (i.e. the default.yml file on the VC drive), nor is there a path indicating to where "myfile" should be created (i.e. in /Library/Preferences/espanso).

@DutchPete you could use something along these lines:

ln -s /path/to/your/cv/drive/default.yml /Library/Preferences/espanso/default.yml

where /path/to/your/cv/drive/default.yml is the path of your configuration file present in the VC drive

@federico-terzi : many thanks for that.

When I execute that command, I get this feedback:
ln: /Library/Preferences/espanso: Permission denied.

How can I obtain permission?

@DutchPete there is a ~ missing. Try this one:

ln -s /path/to/your/cv/drive/default.yml ~/Library/Preferences/espanso/default.yml

@timorunge : yes, that did the trick.

1 last question: when I open Library/Preferences/espanso/ there a default.yml file with a Windows shortcut-like arrow on it, indicating it is a shortcut indeed. When I open that file, however, it shows all my snippets. Am I right in saying that the shortcut file can only show the snippets as long as the VeraCrypt drive, where the original default.yml file now resides, is mounted?

@DutchPete in short: Yes.

Imagine a Symlink like an Alias on MacOS (it's actually the same).

The shortcut will stay there all the time. If your VeraCrypt drive is mounted you (and espanso) will be able to access it. If your VeraCrypt drive is not mounted it will point to a reference which is not existing - therefore you and espanso won't be able to access it.

@timorunge : thanks Timo. I am actually using it on a Mac, but am new to macOS. Everything is clear. Before executing the command I exited Espanso, then did the transfer and the symlink creation, then started up Espanso again and everything works fine.

I want to thank you and @federico-terzi for all your patience and help.
BTW, @federico-terzi I just recommended Espanso to someone else - Github.

@federico-terzi & @timorunge : just to close the issue correctly, I can now confirm the following. After shutting down my computer and booting up, Espanso did not launch. I subsequently mounted the VeraCrypt drive, Espanso via the terminal, and it is running fine. Perfect. In other words, in my use case, after booting up the computer the 1st 2 things I need to do are mount my VeraCrypt drive and start Espanso, in that order.

So the solution and implementation suggested by @federico-terzi, together with the fine-tuning by @timorunge is excellent, and, exactly what I was looking for. Many thanks, guys.

Glad you got it working @DutchPete, have a nice day :)