userpass - password manager

This is a simple script for managing an encrypted password database. It has two features in particular:

  1. It keeps one password database per host on which userpass is run. This allows the encrypted databases to be updated asynchronously without worrying about conflicts, even though the databases might be committed to a CVS repository in their encrypted state.
  2. It asks for the password only once, even though it might need to decrypt multiple files. The files are not decrypted to disk, only to memory.
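
The two features above, together with the lookup order noted under revision 1492 in the CVS Log (exact match before regex), as an added Python example; it is not userpass's own code. Assumptions: databases are named <host>.gpg in one directory, each decrypted line is key<TAB>username<TAB>password, and all function names are hypothetical.

```python
import getpass
import re
import subprocess
from pathlib import Path

GPG = "/usr/bin/gpg"  # default path shown in the --help output on this page


def gpg_decrypt(path, passphrase):
    """Decrypt one file; plaintext comes back over a pipe and is never written to disk."""
    # --passphrase-fd 0 reads the passphrase from stdin, keeping it out of argv
    # (and so out of the process list). GnuPG 2.1 and later also need
    # --pinentry-mode loopback for --passphrase-fd to be honoured.
    argv = [GPG, "--batch", "--quiet", "--pinentry-mode", "loopback",
            "--passphrase-fd", "0", "--decrypt", str(path)]
    done = subprocess.run(argv, input=passphrase.encode() + b"\n",
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          check=True)  # wrong passphrase -> CalledProcessError
    return done.stdout.decode()


def load_all(db_dir, passphrase, decrypt=gpg_decrypt):
    """Decrypt every per-host database with the one passphrase; records stay in memory."""
    records = []
    for path in sorted(Path(db_dir).glob("*.gpg")):  # assumed layout: <host>.gpg
        for line in decrypt(path, passphrase).splitlines():
            if line.strip():
                # Assumed record format: key<TAB>username<TAB>password
                key, user, password = line.split("\t")
                records.append((path.stem, key, user, password))
    return records


def lookup(records, pattern):
    """An exact key match wins; otherwise fall back to a regex search over the keys."""
    exact = [r for r in records if r[1] == pattern]
    return exact or [r for r in records if re.search(pattern, r[1])]


if __name__ == "__main__":
    import sys
    # Usage (hypothetical): python lookup.py <database-dir> <pattern>
    secret = getpass.getpass("decryption passphrase? ")  # asked once for all files
    for rec in lookup(load_all(sys.argv[1], secret), sys.argv[2]):
        print(*rec)
```

The decrypt parameter lets the lookup logic be exercised against constructed plaintext without a keyring.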

First Steps

Before using userpass for the first time, you'll need to create yourself a gpg encryption key, and you'll want to configure gpg to help userpass work better. Here are the steps:

  1. First, make sure you have gpg on your system. Try "gpg --version". If that works, you're all set. If it doesn't, you'll need to install it. On Gentoo, do that with "emerge gnupg".
  2. Next, create a keypair (public and secret) for yourself. This is done with "gpg --gen-key", but you'd be better off reading the GnuPG MiniHOWTO.
  3. Finally, set the "default-key" (or "encrypt-to" if you prefer) in your .gnupg/gpg.conf file. userpass will honor this setting so you don't have to specify --recipient each time you add a record to userpass.

Usage

To get started, see --help:

$ userpass --help
usage: userpass [-ahnv] pattern...

    -a     --add           Add a username/password
           --dir           Set userpass database directory (/home/agriffis/skel)
                           (alternatively set USERPASS_DIR in env)
           --gpg path      Set gpg binary (/usr/bin/gpg)
    -h     --help          Show this help message
           --host name     Set alternate hostname (olive)
    -l     --list-keys     List the known accounts
    -n     --new           Create a new account
    -r     --recipient     Set alternate encrypt-to recipient (20104EB0)
    -V     --version       Show version information

To create a new account in the database (and create the database, for that matter), specify the identifier you want to use for it on the command-line. For example, to create a record for a login at the Linux Weekly News:

$ userpass --new 'lwn.net (Linux Weekly News)'
username? agriffis
password? supersecret

To look up the password:

$ userpass lwn
decryption passphrase? gpgpassword
lwn.net (Linux Weekly News) agriffis supersecret

To update the password in the future:

$ userpass --add lwn
decryption passphrase? gpgpassword
matched lwn.net (Linux Weekly News)
username [agriffis]? 
password? ultrasecret

Downloads

Filename       Date               Size  MD5
userpass-2543  04-Jan-2008 14:07  8.5K  77b1ef7cecd4acdb08b9cb1b6cc27873
userpass-1492  01-Feb-2006 09:25  8.2K  4fa93bb21136d78a5726c6db74b1eab3
userpass-1.6   15-Sep-2004 06:59  7.7K  808025bfbac33804f6213cf78953ff4b
userpass-1.5   13-Sep-2004 14:10  7.7K  984cd183b9db6a3e6d376663d4bcab03
userpass-1.4   13-Sep-2004 12:01  8.2K  cd8f1e1d07a63ba8eed33e4633e15934

CVS Log

  • revision 1492 (2006/02/01 12:24:33)

    Add --list-keys option for Grant

    Check for an exact match before regex

  • revision 1.6 (2004/09/15 13:58:51)

    Refrain from --no-tty when encrypting.

    Use .gnupg/gpg.conf instead of deprecated .gnupg/options

  • revision 1.5 (2004/09/13 21:10:20)

    Give --dir a default of ~/.userpass if we don't have one otherwise

    Remove passphrase management from GpgDecoder::encode. It isn't necessary for encryption since encryption is done using the public key.

    Fix some other minor problems (directory creation, exception raised when database is absent for --add, etc.) found while testing

  • revision 1.4 (2004/09/13 15:30:23)

    First public release


This page was generated Tue Jan 29 07:57:06 2008.