aboutsummaryrefslogtreecommitdiff

dpw the dynamic password manager

Inspired by pass and designed to be partly compatible out of the box.

The main point of this is to provide a somewhat familiar command line interface for pluggable backends.

For instance, one could write a plugin that talks to Lastpass, Bitwarden Hasicorp's Vault, or similar.

There are some mild changes in the interface from pass, a full list of commands and options are available with the -h command line flag.

The environment variable DPW_BACKEND defaults to dpw-gpg which provides the pass compatible backend. Since it's just a call to another executable the backends can be written in any language.

I can also highly recommend my blog post on GnuPG / GPG / PGP on a Yubikey. That way your private key isn't even exposed to your computer, only the utilization of it is.

Usage under Wayland

Requires wl-clipboard package for copying, and wtype for the type functionality.

If for some reason it doesn't detect wayland try setting XDG_SESSION_TYPE=wayland.

dmenu script

There's also a small dmenu script included that makes copying or typing out passwords and OTP tokens very quick and easy ( oath-toolkit in most package managers )

If you wish to use something other than dmenu it's best to drop a compatible wrapper somewhere earlier in your path. ( This is actually how I use bemenu in Wayland whenever a script calls dmenu )

Backends

The dpw-gpg shell script should be short enough to read to give you an idea for implementing your own. That being said the interface is blindingly simple, accept the following four commands:

  • list
    • dump a list of the available keys, supporting arguments for sub keys may be preferred by users but isn't necessary, find will still work for them.
  • insert <key>
    • Read from stdin
  • show <key>
    • Dump to stdout
  • rm <key>

There are a couple of optional commands backends can implement

  • sync
  • init

dpw will take care of all the additional commands by wrapping the four above as needed.

Age with yubikey plugin

Under Arch for example:

# pacman -S age age-plugin-yubikey pcsc-tools ccid  
# systemctl enable pcscd
# systemctl start pcscd

It walks you through the setup:

$ age-plugin-yubikey

Fetching the key for use with dpw:

$ age-plugin-yubikey -i --slot 1 > ~/.dpw-age-key
You can read more about the author.