password-sanity (pws) is a very simple command line tool for managing passwords. Writing this was primarily motivated by the pure insanity that it would be to have good password practices without the help of software (hence the name) and the desire to avoid cloud crap or some complex GUI. The goal is to have safe, secure password storage for multiple accounts while still being easy and convienent to use.
There is an AUR package available for Arch users.
You can also install the versioned release through pip.
# pip install password-sanity
Note that you don't have to actually install pws. You could just execute it directly. You will need python-gnupg and python-pyperclip.
$ git clone https://github.com/Dudemanguy/password-sanity.git
$ cd password-sanity
$ python setup.py sdist
# pip install dist/password-sanity-{version}.tar.gaz
password-sanity relies on gpg for encryption and decryption. You will need to have generated your own gpg key pair with the private key in your keyring. Just run gpg --full-gen-key
and follow the instructions. After you have a usable gpg key, you need to specify two variables in the ~/.config/pws/config
(AppData\Roaming\pws\config
for Windows) file (simply create it if it doesn't exist) like so:
The gpg
field is simply the email field you specified for the gpg key created earlier.
If you want to move to another machine, you'll need to export the private key. On the other machine, import the key and set the trust level to ultimate (needed if you want encryption/decryption to work). Be sure to move the key securely. The best practice is probably just copying it over with a usb drive and then nuking the usb with zeros after you're done. The master.asc file can be transported in any way you like since it is secure, and only you can decrypt it.
On the first usage, pws will prompt you to create the encrypted master file. The location is ~/.local/share/pws/master.asc
(AppData\Roaming\pws\master.asc
on Windows).
Install any available shell (bash/zsh) completions with:
# pws --install-completions
You can add a new account profile to the master file:
pws --new-profile profile-name
The above will autogenerate a random password of length 16 (guaranteed to have at least one digit, lowercase, uppercase, and special character). If you wish to change the password length, you can just pass the --password-length
argument:
pws --new-profile profile-name --password-length 24
If you want to manually type a password in, use --password-length 0
.
Modify an existing profile:
pws --modify-profile profile-name
You can pass --password-length
and --field
with --modify-profile
as well.
List all saved profiles:
pws --list-profiles
Removing profiles:
pws --remove-profile profile-name
Retrieving a profile's password and storing it in the system's clipboard:
pws --get-profile profile-name
Retrieving a profile's username and storing it in the system's clipboard:
pws --get-profile profile-name --field username
Creating a brand new encrypted master:
pws --new-master
Copying the master and encrypting it with a new gpg key:
pws --copy-master [email protected] path/to/new/file.asc
The structure of the decrypted master.asc file is simply JSON. The highest level key fields are the names of the profiles. In each profile field, there is a username
and password
key with the appropriate matching value. You can create your own master.asc with whatever method you like as long as it follows this structure. Just encrypt with the same gpg key you use with pws and save it as ~/.local/share/pws/master.asc
.
Example:
{
"profile1": {
"username": "user1",
"password": "pass1"
},
"profile2": {
"username": "user2",
"password": "pass2"
},
"profile3": {
"username": "user3",
"password": "pass3"
}
}
- Write some manpages
GPLv3