NAME
assword - Simple and secure password database and retrieval system
SYNOPSIS
assword <command> [<args>...]
DESCRIPTION
The password database is stored as a single json object, OpenPGP encrypted and
signed, and written to local disk (see ASSWORD_DB). The file will be created
upon addition of the first entry. Database entries are keyed by 'context'.
During retrieval of passwords, the database is decrypted and read into memory.
Contexts are searched by sub-string match.
Commands:
- add [<context>]
- Add a new entry. If context is '-' read from stdin. If not specified, user
will be prompted for context. If the context already exists, an error will
be thrown. See ASSWORD_PASSWORD for information on passwords.
- replace [<context>]
- Replace password for existing entry. If context is '-' read from stdin. If
not specified, user will be prompted for context. If the context does not
exist an error will be thrown. See ASSWORD_PASSWORD for information on
passwords.
- dump [<string>]
- Dump search results as json. If string not specified all entries are
returned. Passwords will not be displayed unless ASSWORD_DUMP_PASSWORDS is
set.
- gui [<string>]
- GUI interface, good for X11 window manager integration. Upon invocation
the user will be prompted to decrypt the database, after which a graphical
search prompt will be presented. If an additional string is provided, it
will be added as the initial search string. All matching results for the
query will be presented to the user. When a result is selected, the
password will be retrieved according to the method specified by
ASSWORD_XPASTE. If no match is found, the user has the opportunity to
generate and store a new password, which is then delivered via
ASSWORD_XPASTE.
- remove <context>
- Delete an entry from the database.
- version
- Report the version of this program.
- help
- This help.
SIGNATURE VALIDATION
During decryption, OpenPGP signatures on the db file are checked for validity.
If any of them are found to not be valid, a warning message will be written to
stderr.
ENVIRONMENT
- ASSWORD_DB
- Path to assword database file. Default: ~/.assword/db
- ASSWORD_KEYFILE
- File containing OpenPGP key ID of database encryption recipient. Default:
~/.assword/keyid
- ASSWORD_KEYID
- OpenPGP key ID of database encryption recipient. This overrides
ASSWORD_KEYFILE if set.
- ASSWORD_PASSWORD
- For new entries, entropy of auto-generated password in bytes (actual
generated password will be longer due to base64 encoding). If set to
'prompt' user will be prompted for password. Default: 18
- ASSWORD_DUMP_PASSWORDS
- Include passwords in dump when set.
- ASSWORD_XPASTE
- Method for password retrieval. Options are: 'xdo', which attempts to type
the password into the window that had focus on launch, or 'xclip' which
inserts the password in the X clipboard. Default: xdo
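
The following is an added example, not assword's own code. It models three behaviours described above: how the ASSWORD_PASSWORD byte count relates to the length of the generated password, how a sub-string search can match several contexts, and how dump withholds passwords unless ASSWORD_DUMP_PASSWORDS is set. The function names, the per-entry "password" field and the sample database are assumptions made for illustration.

```python
import base64
import json
import os

# Constructed sample standing in for the decrypted database: one JSON object
# keyed by context. The per-entry "password" field name is an assumption.
SAMPLE_DB = json.loads("""{
  "bank.example/alice": {"password": "constructed-1"},
  "mail.example/alice": {"password": "constructed-2"},
  "bank.example/joint": {"password": "constructed-3"}
}""")


def generate_password(setting="18"):
    """Model ASSWORD_PASSWORD: N random bytes, base64 encoded."""
    if setting == "prompt":
        raise ValueError("'prompt' means the user supplies the password")
    nbytes = int(setting)
    if nbytes <= 0:
        raise ValueError("entropy must be a positive number of bytes")
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


def encoded_length(nbytes):
    """Length of the padded base64 text for nbytes of entropy."""
    return 4 * ((nbytes + 2) // 3)


def search(db, query=""):
    """Sub-string match on context; an empty query returns every entry."""
    return {ctx: entry for ctx, entry in db.items() if query in ctx}


def dump(db, query="", environ=None):
    """Search results as JSON; passwords only if ASSWORD_DUMP_PASSWORDS is set."""
    environ = os.environ if environ is None else environ
    show = "ASSWORD_DUMP_PASSWORDS" in environ  # assumption: any value counts
    results = {}
    for ctx, entry in search(db, query).items():
        results[ctx] = dict(entry) if show else {
            k: v for k, v in entry.items() if k != "password"}
    return json.dumps(results, indent=2, sort_keys=True)


if __name__ == "__main__":
    pw = generate_password("18")
    print(len(pw), "characters for 18 bytes (144 bits) of entropy")
    print(dump(SAMPLE_DB, "bank", environ={}))
```

With the default of 18 bytes the generated password is 24 base64 characters, and the query "bank" returns two contexts, so a short search string may present more than one entry to choose from.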