Simple and secure password database and retrieval system
assword <command> [<args>...]
The password database is stored as a single JSON object, OpenPGP encrypted and signed, and written to local disk (see ASSWORD_DB). The file will be created upon addition of the first entry. Database entries are keyed by 'context'. During retrieval of passwords, the database is decrypted and read into memory. Contexts are searched by sub-string match.
Commands:
add [<context>]
Add a new entry. If context is '-' read from stdin. If not specified, user will be prompted for context. If the context already exists, an error will be thrown. See ASSWORD_PASSWORD for information on passwords.
replace [<context>]
Replace password for existing entry. If context is '-' read from stdin. If not specified, user will be prompted for context. If the context does not exist an error will be thrown. See ASSWORD_PASSWORD for information on passwords.
dump [<string>]
Dump search results as json. If string not specified all entries are returned. Passwords will not be displayed unless ASSWORD_DUMP_PASSWORDS is set.
gui [<string>]
GUI interface, good for X11 window manager integration. Upon invocation the user will be prompted to decrypt the database, after which a graphical search prompt will be presented. If an additional string is provided, it will be added as the initial search string. All matching results for the query will be presented to the user. When a result is selected, the password will be retrieved according to the method specified by ASSWORD_XPASTE. If no match is found, the user has the opportunity to generate and store a new password, which is then delivered via ASSWORD_XPASTE.
remove <context>
Delete an entry from the database.
version
Report the version of this program.
help
This help.
During decryption, OpenPGP signatures on the db file are checked for validity. If any of them are found to not be valid, a warning message will be written to stderr.
ASSWORD_DB
Path to assword database file. Default: ~/.assword/db
ASSWORD_KEYFILE
File containing OpenPGP key ID of database encryption recipient. Default: ~/.assword/keyid
ASSWORD_KEYID
OpenPGP key ID of database encryption recipient. This overrides ASSWORD_KEYFILE if set.
ASSWORD_PASSWORD
For new entries, entropy of auto-generated password in bytes (actual generated password will be longer due to base64 encoding). If set to 'prompt', the user will be prompted for the password. Default: 18
ASSWORD_DUMP_PASSWORDS
Include passwords in dump when set.
ASSWORD_XPASTE
Method for password retrieval. Options are: 'xdo', which attempts to type the password into the window that had focus on launch, or 'xclip' which inserts the password in the X clipboard. Default: xdo
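
The following is an added example, not assword's own code: a plaintext Python model of the behaviour documented above for add, replace, dump, ASSWORD_PASSWORD and ASSWORD_DUMP_PASSWORDS, with OpenPGP encryption and signing left out. The class name SketchDB, the "password" field name and the sample contexts are assumptions made for illustration.

```python
import base64
import json
import os

DEFAULT_ENTROPY_BYTES = 18  # default documented for ASSWORD_PASSWORD


def generate_password(nbytes=DEFAULT_ENTROPY_BYTES):
    """Base64-encode nbytes of OS randomness; the result is longer than nbytes."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


class SketchDB:
    """Hypothetical model of the decrypted database: one JSON object keyed by context."""

    def __init__(self, entries=None):
        self.entries = dict(entries or {})

    def add(self, context, password=None):
        if context in self.entries:
            raise KeyError(f"context already exists: {context!r}")
        self.entries[context] = {"password": password or generate_password()}

    def replace(self, context, password=None):
        if context not in self.entries:
            raise KeyError(f"context does not exist: {context!r}")
        self.entries[context] = {"password": password or generate_password()}

    def search(self, query=None):
        """Sub-string match on context; no query returns every entry."""
        return {c: e for c, e in self.entries.items() if not query or query in c}

    def dump(self, query=None, environ=os.environ):
        """JSON search results; passwords appear only if ASSWORD_DUMP_PASSWORDS is set."""
        show = "ASSWORD_DUMP_PASSWORDS" in environ
        out = {c: (dict(e) if show else {k: v for k, v in e.items() if k != "password"})
               for c, e in self.search(query).items()}
        return json.dumps(out, indent=2, sort_keys=True)


if __name__ == "__main__":
    db = SketchDB()
    db.add("user@mail.example")            # constructed sample contexts
    db.add("user@bank.example", "s3cret")  # constructed sample password
    print(db.dump("mail", environ={}))     # password withheld by default
    print(db.dump(environ={"ASSWORD_DUMP_PASSWORDS": "1"}))
    print(len(generate_password()))        # 18 random bytes encode to 24 characters
```

With the default of 18 bytes the generated password carries 144 bits of entropy and is 24 characters long, since base64 emits 4 characters per 3 input bytes.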