pass

- posix password manager 🔒
git clone git://git.acid.vegas/pass.git

README.md (5196B)

# pass
> posix password manager

A very simple password manager that keeps passwords inside gpg-encrypted files inside a simple directory tree.

Similar to [password-store](https://git.zx2c4.com/password-store/about/), but written in POSIX-compliant shell script instead of bash.

## Requirements
- [gpg](https://gnupg.org/)
- [tree](https://oldmanprogrammer.net/source.php?dir=projects/tree)

###### Optional Requirements
- [nano](https://www.nano-editor.org/)                      *(required only if environment variable `$EDITOR` is not set)*
- [pinentry-dmenu](https://github.com/ritze/pinentry-dmenu) *(required for menu)*
- [xclip](https://github.com/astrand/xclip)                 *(required for menu to copy passwords)*
- [xdotool](https://github.com/jordansissel/xdotool)        *(required for menu to type passwords)*
- [oath-toolkit](https://www.nongnu.org/oath-toolkit/)      *(required for 2FA)*
- [gnupg2-scdaemon](https://linux.die.net/man/1/scdaemon)   *(required for smartcard support)*

## Config
Edit the source code to change these settings:

| Setting    | Description                                                                                                      |
| ---------- | ---------------------------------------------------------------------------------------------------------------- |
| `GPG_ID`   | Default GPG key ID to use for encrypting/decrypting                                                              |
| `GPG_OPTS` | Do not edit this unless you know what you are doing                                                              |
| `METHOD`   | Method used for the menu *("copy" will use xclip to copy passwords & "type" will use xdotool to type passwords)* |
| `PASS_DIR` | Directory to store all password information                                                                      |

## Usage
| Command            | Description                                                                                                  |
| ------------------ | ------------------------------------------------------------------------------------------------------------ |
| `pass`             | Display a directory tree of stored passwords                                                                 |
| `pass <path>`      | Display password information for `<path>` or a directory tree of stored passwords if `<path>` is a directory |
| `pass menu`        | Use pass in dmenu *(Selected line is copied to the clipboard or typed out depending on the `METHOD` used)*   |
| `pass edit <path>` | Display stored password information for `<path>`                                                             |
| `pass gen <len>`   | Generate a random password that is `<len>` characters long                                                   |
| `pass otp <path>`  | Return a 2-Factor-Authentication code for `<path>` *(Last line of `<path>` must be a valid otpauth:// URI)*  |

###### Note
`<path>` is not a direct path per se. If the password is stored in `$PASS_DIR/www/github.gpg`, all you have to put is `www/github` for `<path>`.

When using the menu, the clipboard is cleared after 3 seconds or passwords are typed after 3 seconds, depending on what `METHOD` you set in the config.

For setting up 2FA, you can download the QR code image & use [zbar](https://github.com/mchehab/zbar) to convert it to a string to get a valid URI.

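What `pass otp` needs from an entry, as an added example in POSIX shell (not pass's own code): take the last line, check that it is an `otpauth://totp/` URI and extract the base32 `secret` before handing it to oathtool. The function names and the sample entry are constructed for illustration, and `otp_code` assumes an oathtool release that reads the key from standard input when KEY is `-`.

```sh
#!/bin/sh
# Added example, not code from pass; function names are hypothetical.

# Print the value of query parameter $2 from URI $1 (nothing if absent).
otp_param() {
    query=${1#*\?}                              # text after the first '?'
    if [ "$query" = "$1" ]; then return 0; fi   # URI has no query string
    printf '%s\n' "$query" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Read a decrypted entry on stdin and print the base32 secret taken from
# the otpauth:// URI on its last line. Returns 1 if that line is unusable,
# so a password or note is never passed on as if it were an OTP key.
otp_secret() {
    uri=$(tail -n 1)
    case $uri in
        otpauth://totp/*) ;;
        *) echo "last line is not an otpauth://totp/ URI" >&2; return 1 ;;
    esac
    secret=$(otp_param "$uri" secret)
    case $secret in
        # Base32 uses A-Z and 2-7, with optional '=' padding.
        ''|*[!A-Za-z2-7=]*) echo "missing or non-base32 secret" >&2; return 1 ;;
    esac
    printf '%s\n' "$secret"
}

# Print the current TOTP code for an entry on stdin. The secret is piped
# to oathtool (assumption: KEY '-' means stdin) instead of being placed
# in argv, where other local users could see it in the process list.
otp_code() {
    secret=$(otp_secret) || return 1
    printf '%s\n' "$secret" | oathtool -b --totp -
}

# Constructed sample entry: password first, otpauth URI on the last line.
sample_entry='not-a-real-password
user: alice
otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP&issuer=Example&period=30'

# Typical use with a real entry (path is a placeholder):
#   gpg -d "$PASS_DIR/www/example.gpg" | otp_code
```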
## Pinentry Setup
To keep everything in the command line, make sure you edit your `$HOME/.gnupg/gpg-agent.conf` to include `pinentry-program /usr/bin/pinentry-curses`

If you plan on using the menu features, [pinentry-dmenu](https://github.com/ritze/pinentry-dmenu) will allow you to enter your GPG key password inside of dmenu, but in order to do that you will need to create a wrapper for pinentry at `$HOME/.gnupg/pinentry-wrapper`:
```
#!/bin/sh
# gpg-agent executes this file directly, so it needs a shebang line.
# Use pinentry-dmenu when the caller sets PINENTRY_USER_DATA=dmenu,
# otherwise fall back to the curses pinentry.
if [ "$PINENTRY_USER_DATA" = "dmenu" ]; then
    exec /usr/local/bin/pinentry-dmenu "$@"
else
    exec /usr/bin/pinentry-curses "$@"
fi
```
Make it executable with `chmod +x $HOME/.gnupg/pinentry-wrapper` and then edit your `$HOME/.gnupg/gpg-agent.conf` to include `pinentry-program $HOME/.gnupg/pinentry-wrapper`.

## SmartCard Support
Using a [Smart Card](https://en.wikipedia.org/wiki/Smart_card) such as a [YubiKey](https://www.yubico.com/) with pass simply requires setting up your GPG key to recognize your card.

First, you will need to install `scdaemon` & enable the service on your system in order to recognize your smartcards. After you set this up, you can check if your card is recognized with the `gpg --card-status` command.

Edit your GPG key with `gpg --edit-key [Your-Key-ID]` & run the following commands in the interactive session:
```
key 1
keytocard
save
```

## Ideas & TODO
- Hash file names for obscurity *(`pass rm <entry>` & `pass mv <entry>` since file names will be hashed)*
- Better way than using a hard coded `GPG_ID` & maybe on the fly `METHOD` selection

___

###### Mirrors for this repository: [acid.vegas](https://git.acid.vegas/pass) • [SuperNETs](https://git.supernets.org/acidvegas/pass) • [GitHub](https://github.com/acidvegas/pass) • [GitLab](https://gitlab.com/acidvegas/pass) • [Codeberg](https://codeberg.org/acidvegas/pass)