feat: Dont' display empty fields. This mimics native apps behavior

Jari Turkia · Jari Turkia · commit 2f4d324cdc67 · 2026-06-04T13:54:27.000+03:00
diff --git a/cmd/enpasscli/main.go b/cmd/enpasscli/main.go
@@ -230,6 +230,18 @@ func collectEntries(vault *enpass.Vault, args *Args, includeSensitive bool) ([]e
 		if c.IsTrashed() && !*args.trashed {
 			continue
 		}
+		// Non-password field values are stored in cleartext; Decrypt() returns
+		// them as-is. For password fields, Decrypt() actually decrypts.
+		value, derr := c.Decrypt()
+		if derr != nil {
+			return nil, fmt.Errorf("could not decrypt %s/%s: %w", c.Title, c.Label, derr)
+		}
+		// Match the Enpass native apps' view mode: hide empty-value template
+		// placeholders that a user never filled in (e.g. "Date Mod", "Field 6").
+		// Sections are visual dividers and stay even when empty.
+		if value == "" && c.Type != "section" {
+			continue
+		}
 		g, ok := groups[c.UUID]
 		if !ok {
 			g = &entryView{
@@ -247,12 +259,6 @@ func collectEntries(vault *enpass.Vault, args *Args, includeSensitive bool) ([]e
 			Label:     c.Label,
 			Sensitive: c.Sensitive,
 		}
-		// Non-password field values are stored in cleartext; Decrypt() returns
-		// them as-is. For password fields, Decrypt() actually decrypts.
-		value, derr := c.Decrypt()
-		if derr != nil {
-			return nil, fmt.Errorf("could not decrypt %s/%s: %w", c.Title, c.Label, derr)
-		}
 		isTOTP := c.Type == "totp"
 		hasValue := value != ""
 		// TOTP fields are classified as sensitive: in list mode neither the
@@ -372,40 +378,53 @@ func outputDetailed(logger *logrus.Logger, entries []entryView, args *Args) {
 			if name == "" {
 				name = f.Type
 			}
+			// Three-level hierarchy: record header (no indent), section header
+			// (4 spaces), regular field (8 spaces). Regular fields are at the
+			// same depth whether the record has sections or not, so columns
+			// stay aligned across records.
+			indent := fieldIndent
+			if f.Type == "section" {
+				indent = sectionIndent
+			}
 			if f.Type == "totp" && (f.TOTPCode != "" || f.TOTPError != "") {
-				renderTOTPField(logger, name, f)
+				renderTOTPField(logger, indent, name, f)
 				continue
 			}
 			switch {
 			case f.Sensitive && f.Value == "":
-				logger.Printf("    %s (%s): ********", name, f.Type)
+				logger.Printf("%s%s (%s): ********", indent, name, f.Type)
 			case f.Value != "":
-				logger.Printf("    %s (%s): %s", name, f.Type, f.Value)
+				logger.Printf("%s%s (%s): %s", indent, name, f.Type, f.Value)
 			default:
-				logger.Printf("    %s (%s)", name, f.Type)
+				logger.Printf("%s%s (%s)", indent, name, f.Type)
 			}
 		}
 	}
 }
 
+const (
+	sectionIndent = "    "
+	fieldIndent   = "        "
+)
+
 // renderTOTPField prints a TOTP field. When the code could be computed we
 // show it; otherwise we tell the user the value is dynamic. The secret is
 // only included when collectEntries chose to expose it (i.e. show mode).
-func renderTOTPField(logger *logrus.Logger, name string, f fieldView) {
+func renderTOTPField(logger *logrus.Logger, indent, name string, f fieldView) {
 	parts := []string{}
 	switch {
 	case f.TOTPCode != "":
 		parts = append(parts, "code "+f.TOTPCode)
 	case f.TOTPError != "":
 		parts = append(parts, "<dynamic TOTP value>")
 	default:
-		logger.Printf("    %s (%s)", name, f.Type)
+		logger.Printf("%s%s (%s)", indent, name, f.Type)
 		return
 	}
 	if f.Value != "" {
 		parts = append(parts, "secret: "+f.Value)
 	}
-	logger.Printf("    %s (%s): %s", name, f.Type, strings.Join(parts, "  "))
+	logger.Printf("%s%s (%s): %s", indent, name, f.Type, strings.Join(parts, "  "))
 }
 
 // anchorField picks the field that represents the entry in compact mode.
