I was searching for a new password manager for all my devices and even the server. Thanks to Matthias Fassl [1], who pointed out a cool tool, “passwordstore” [2]. Keep it simple, stupid, but handy enough to manage all the desired passwords and secrets. In combination with some kewl password generators like “pwqgen” [3], it is really easy to manage a bunch of passwords.
And if you regularly change your private key, here is a useful script for updating the whole vault:
```bash
#!/bin/bash
# updatePasswdStore.sh - re-encrypt gpg-encrypted password files with a new key
set -o pipefail      # A failed decryption must fail the whole decrypt|encrypt pipe.

SENSE=$2             # File name pattern to search for.
ONE=1                # For getting singular/plural right (see below).
number=0             # Keeps track of how many files were actually updated.
EXPECTED_ARGS=4

if [ $# -ne $EXPECTED_ARGS ] || { [ "$1" != "--test" ] && [ "$1" != "--force" ]; }
then
  echo "NAME"
  echo -e "\tupdatePasswdStore - Updating gpg encrypted Password files with new key\n"
  echo "Synopsis"
  echo -e "\t$(basename "$0") --force|--test FILEPATTERN NEWKEY pathname\n"
  echo "Examples"
  echo -e "\t$(basename "$0") --test gpg F52048C0C0748FEE227D47A2702353E0F7E48BDB /home/user/.password-store"
  echo -e "\t\tonly shows which files will be updated in the directory /home/user/.password-store\n"
  echo -e "\t$(basename "$0") --force gpg DEEC310D4A6F392BF313FCDAC631EB6EFBD889B5 /home/user/.password-store"
  echo -e "\t\tencrypting the files with \"gpg\" in the directory /home/user/.password-store with the new key\n"
  exit 1
fi

# The new key must be available as a secret key, otherwise the vault is lost.
n=$(gpg -K "$3" 2>/dev/null)
if [ -z "$n" ]; then
  echo "$3 is no valid secret key! You wouldn't be able to decrypt your passwords :-("
  exit 2
fi

if [ -d "$4" ]; then
  echo "Searching for files with \"$SENSE\" in $4 ..."
else
  echo "Directory $4 doesn't exist!"
  exit 3
fi

# Collect the matching files; .gpg-id only holds the key ID and is not encrypted.
list=$(mktemp) || exit 4
find "$4" -type f -name "*$2*" ! -name ".gpg-id" > "$list"

while IFS= read -r file; do
  if [ "$1" = "--test" ]
  then
    echo "$file will be updated"   # Dry run ...
  else
    echo "Updating $file with new key ..."
    # Decrypt and re-encrypt in one pipe, so the plaintext never touches the disk.
    if gpg -d "$file" | gpg -e -r "$3" --batch --yes -o "$file.new"; then
      mv "$file.new" "$file"       # Replace only after a successful encryption!
    else
      echo "Could not re-encrypt $file, keeping the old version!"
      rm -f "$file.new"
      continue
    fi
  fi
  number=$((number+1))
done < "$list"
rm "$list"

if [ "$1" = "--test" ]
then
  if [ "$number" -eq "$ONE" ]; then   # For correct grammar.
    echo "$number file will be updated."
  else
    echo "$number files will be updated."
  fi
  if [ -f "$4/.gpg-id" ]; then
    echo "New Key ID will be written into $4/.gpg-id"
  fi
  if [ -d "$4/.git" ]; then
    echo "Changes will be committed and pushed ..."
    git -C "$4" status
  fi
else
  if [ "$number" -eq "$ONE" ]; then   # For correct grammar.
    echo "$number file updated."
  else
    echo "$number files updated."
  fi
  if [ -f "$4/.gpg-id" ]; then
    echo "$3" > "$4/.gpg-id"
    echo "New Key ID is written into $4/.gpg-id"
  fi
  if [ -d "$4/.git" ]; then
    echo "Changes will be committed and pushed ..."
    git -C "$4" commit -a -m "New Key was applied!"
    git -C "$4" push
  fi
fi

exit 0
```
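A key change is only complete when no entry is still addressed to the old key. The following is an added example, not part of the original script: it lists store entries that carry a recipient other than the new key, comparing against the key's encryption subkey IDs, since those (not the fingerprint in `.gpg-id`) are what gpg records in each file. The function names and the key IDs in the sample data are constructed, and the `gpg: public key is ...` line format is an assumption about gpg's verbose output.

```bash
#!/bin/bash
# Added example (not from the original post): after re-encrypting, confirm that
# no entry is still readable with the old key.

# Key IDs usable for encryption, read from `gpg --list-keys --with-colons KEY`.
# Colon format: field 2 = validity, field 5 = long key ID, field 12 = capabilities.
# Invalid, disabled, revoked and expired keys are skipped.
enc_keyids() {
    awk -F: '($1 == "pub" || $1 == "sub") && $2 !~ /^[idre]$/ && $12 ~ /e/ { print $5 }'
}

# Recipient key IDs of one file, read from the output of
#   gpg -v --batch --decrypt --list-only --keyid-format long FILE 2>&1
# Assumption: gpg reports each recipient as "gpg: public key is <16 hex digits>".
recipients() {
    sed -n 's/^gpg: public key is \([0-9A-F]\{16\}\)$/\1/p'
}

# unexpected ALLOWED FOUND: print every ID in FOUND that is not in ALLOWED.
unexpected() {
    for id in $2; do
        printf '%s\n' "$1" | grep -qxF "$id" || printf '%s\n' "$id"
    done
}

# check_store DIR NEWKEY: list entries that still carry a recipient other than
# NEWKEY. If NEWKEY cannot be looked up, every recipient is reported.
check_store() {
    allowed=$(gpg --batch --list-keys --with-colons "$2" | enc_keyids)
    find "$1" -type f -name '*.gpg' | while IFS= read -r f; do
        found=$(gpg -v --batch --decrypt --list-only --keyid-format long "$f" 2>&1 | recipients)
        for id in $(unexpected "$allowed" "$found"); do
            printf '%s: still encrypted to %s\n' "$f" "$id"
        done
    done
}

# Constructed sample data (made-up key IDs) so the parsers can be tried offline:
# a primary key without encryption capability, one valid and one revoked subkey.
SAMPLE_KEYS='pub:u:4096:1:1111111111111111:1600000000:::u:::scESC:
sub:u:4096:1:2222222222222222:1600000000::::::e:
sub:r:4096:1:3333333333333333:1500000000::::::e:'
# One file that is addressed to the new subkey and to a leftover old key.
SAMPLE_FILE='gpg: public key is 2222222222222222
gpg: public key is 9999999999999999'
```

Run `check_store ~/.password-store NEWKEY` after the update; empty output means every entry is addressed only to the new key.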
Have fun!
[1] https://n0g.at/
[2] https://www.passwordstore.org/
[3] http://nerdbynature.de/s9y/2014/09/09/On-Password-Strength