Applied changes

borgmatic/config/schema.yaml

@@ -2689,10 +2689,10 @@ properties:
                     Path to a key file for unlocking the KeePassXC database.
                 example: /path/to/keyfile
             yubikey:
-                type: boolean
+                type: string
                 description: |
-                    Whether to use a YubiKey for unlocking the KeePassXC database.
-                example: true
+                    Path or identifier for the YubiKey to use for unlocking the KeePassXC database.
+                example: /path/to/yubikey
         description: |
             Configuration for integration with the KeePassXC password manager.
     default_actions:

borgmatic/hooks/credential/keepassxc.py

@@ -17,7 +17,6 @@ def load_credential(hook_config, config, credential_parameters):
     '''
     try:
         database_path, attribute_name = credential_parameters[:2]
-        extra_args = credential_parameters[2:]  # Handle additional arguments like --key-file or --yubikey
     except ValueError:
         raise ValueError( f'Invalid KeePassXC credential parameters: {credential_parameters}')
 
@@ -25,7 +24,11 @@ def load_credential(hook_config, config, credential_parameters):
 
     if not os.path.exists(expanded_database_path):
         raise ValueError( f'KeePassXC database path does not exist: {database_path}')
-
+    
+    # Retrieve key file and Yubikey options from config
+    key_file = hook_config.get('key_file')
+    yubikey = hook_config.get('yubikey')
+    
     # Build the keepassxc-cli command
     command = (
         tuple(shlex.split((hook_config or {}).get('keepassxc_cli_command', 'keepassxc-cli')))
@@ -37,8 +40,13 @@ def load_credential(hook_config, config, credential_parameters):
             expanded_database_path,
             attribute_name,
         )
-        + tuple(extra_args)  # Append extra arguments
     )
+    
+    if key_file:
+        command += ('--key-file', key_file)
+    
+    if yubikey:
+        command += ('--yubikey', yubikey)
 
     try:
         return borgmatic.execute.execute_command_and_capture_output(command).rstrip(os.linesep)

tests/unit/hooks/credential/test_keepassxc.py

@@ -143,9 +143,9 @@ def test_load_credential_with_key_file():
 
     assert (
         module.load_credential(
-            hook_config={},
+            hook_config={'key_file': '/path/to/keyfile'},
             config={},
-            credential_parameters=('database.kdbx', 'mypassword', '--key-file', '/path/to/keyfile'),
+            credential_parameters=('database.kdbx', 'mypassword'),
         )
         == 'password'
     )
@@ -168,6 +168,7 @@ def test_load_credential_with_yubikey():
             'database.kdbx',
             'mypassword',
             '--yubikey',
+            '/path/to/yubikey',
         )
     ).and_return(
         'password'
@@ -175,9 +176,9 @@ def test_load_credential_with_yubikey():
 
     assert (
         module.load_credential(
-            hook_config={},
+            hook_config={'yubikey': '/path/to/yubikey'},
             config={},
-            credential_parameters=('database.kdbx', 'mypassword', '--yubikey'),
+            credential_parameters=('database.kdbx', 'mypassword'),
         )
         == 'password'
     )
@@ -202,6 +203,7 @@ def test_load_credential_with_key_file_and_yubikey():
             '--key-file',
             '/path/to/keyfile',
             '--yubikey',
+            '/path/to/yubikey',
         )
     ).and_return(
         'password'
@@ -209,15 +211,9 @@ def test_load_credential_with_key_file_and_yubikey():
 
     assert (
         module.load_credential(
-            hook_config={},
+            hook_config={'key_file': '/path/to/keyfile', 'yubikey': '/path/to/yubikey'},
             config={},
-            credential_parameters=(
-                'database.kdbx',
-                'mypassword',
-                '--key-file',
-                '/path/to/keyfile',
-                '--yubikey',
-            ),
+            credential_parameters=('database.kdbx', 'mypassword'),
         )
         == 'password'
     )