My command-line password manager
Feb. 17th, 2013 07:18 pm

First, I installed the EasyPG mode for Emacs that allows transparently editing GPG-encrypted files. Emacs will prompt you for the encryption passphrase when you open a file named something.gpg, and prompt for a new passphrase when you save the file. Enabling it is easy once the necessary Elisp files have been installed; just add

    (require 'epa-file)
    (epa-file-enable)

to your ~/.emacs file.
Second, create an encrypted password file in this format:
    Site         user id    password
    MyBank.com   joeuser    password
    Facebook     joe.user   password2
The only requirement is that the information for each site is kept on one line, because we'll be grepping it later. You can also add headers, additional info such as security questions, or whatever. Mine is grouped into sections for financial accounts, social accounts, shopping accounts, etc.
Third, add this to your ~/.bashrc:
    function readpass () {
        # local keeps the decrypted lines out of the interactive shell's variables.
        local GPGCMD output
        # Change the file path in the next line to match your location.
        GPGCMD="gpg -o - --no-mdc-warning ${HOME}/.PASSWORD.gpg"
        if [ "$1" ] ; then
            output=$($GPGCMD | grep -i -- "$1")
            echo "$output"
            # Copy the password (last field) of the first matching line to the clipboard.
            echo "$output" | head -1 | awk '{print $NF}' | pbcopy
        else
            $GPGCMD | less
        fi
    }
This makes a 'readpass' function that will invoke GPG to decrypt the file, and GPG will prompt you for the passphrase. If you just do 'readpass' in your shell, the entire file is piped to 'less' and you can page through it and search. If you do 'readpass mybank', the file is searched case-insensitively for the string and only the first matching line is output; generally it's pretty easy to get the right search substring for the password you want. The last field of the line is piped into 'pbcopy', which is a macOS tool that puts stdin into the system clipboard. (For Linux, consult this list of alternatives to pbcopy.)
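A field-aware variant of the lookup, as an added example that is not part of the original post: it matches the search string against the site field only, so a substring that also occurs in a user id or password cannot select the wrong line, and it leaves the clipboard untouched when nothing matches. The names pick_password and readpass_field and the sample entries are hypothetical; the gpg call, file path and pbcopy are the ones used by readpass.

```bash
# Constructed sample in the post's one-line-per-site format (not real data).
SAMPLE_ENTRIES='Financial accounts
MyBank.com joeuser hunter2-bank
Facebook joe.user fb-secret'

# pick_password (hypothetical name): read decrypted entries on stdin and print
# the last field of the first line whose site field contains $1.
pick_password() {
    [ -n "$1" ] || return 2            # an empty search would match every line
    # The search string travels via the environment so awk treats it as data.
    WANT="$1" awk '
        BEGIN { want = tolower(ENVIRON["WANT"]) }
        NF < 3 { next }                # blank lines and section titles
        !found && index(tolower($1), want) { print $NF; found = 1 }
        END { exit (found ? 0 : 1) }   # non-zero status when no site matched
    '
}

# readpass_field (hypothetical name): same gpg call and path as readpass.
# The body runs in a subshell so the plaintext never lands in a variable of
# the interactive shell, and the password is copied without being echoed.
readpass_field() (
    pw=$(gpg -o - --no-mdc-warning "${HOME}/.PASSWORD.gpg" | pick_password "$1") || {
        echo "readpass_field: no site matches '$1'" >&2
        exit 1
    }
    printf '%s' "$pw" | pbcopy         # printf adds no trailing newline
)

# Offline check against the constructed sample:
#   printf '%s\n' "$SAMPLE_ENTRIES" | pick_password mybank
```

Lines with fewer than three fields are skipped, so one-word or two-word section titles never match; a header line with three or more words would still be treated as an entry.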
I haven't yet gotten annoyed enough to automate the generation of random passwords. Probably I'd write a make-random-password Elisp function and then just invoke it with M-x make-random-password.
I also don't mind retyping my GPG password; I could probably reduce the frequency by generating a new public key for myself and then using public-key instead of symmetric encryption. That way only opening the file would need the passphrase and saving the file would just use my public key.