diff options
| -rw-r--r-- | readme.md | 60 |
1 files changed, 14 insertions, 46 deletions
@@ -20,6 +20,20 @@ I can also highly recommend my blog post on [GnuPG / GPG / PGP on a Yubikey]( https://riedstra.dev/2021/08/pgp-yubikey). That way your private key isn't even exposed to your computer, only the utilization of it is. +## Usage under Wayland + +It should "just work" out of the box, if it doesn't check that you have +`wl-clipboard` installed. If it still doesn't work, try setting: + +``` +export XDG_SESSION_TYPE=wayland +``` + +## dmenu script + +There's also a small dmenu script included that makes copying or typing +out passwords and OTP tokens very quick and easy + ## Backends The `dpw-gpg` shell script should be short enough to read to give you an @@ -40,49 +54,3 @@ simple, accept the following four commands: `dpw` will take care of all the additional commands by wrapping the four above as needed. -## dmenu script - -There's also a small dmenu script included that makes copying or typing -out passwords and OTP tokens very quick and easy - - -# [age](https://github.com/FiloSottile/age) backend - -Similar to the GPG backend, except you shouldn't actually use it, it's for -demo purposes _only_ to see how other pograms might be integrated. There's also -[https://git.riedstra.dev/go/dpw-ssm/about/](https://git.riedstra.dev/go/dpw-ssm/about/) -available now which backs to the AWS Parameter store, and should be a fair bit -more useful than the `age` backend. - -The usage should be straightforward, install the utility and then set -`DPW_BACKEND=dpw-age` in your environment. It will not clobber any GPG based -password store you have unless you explicitly override `DPW_AGE_DIR` - -It expects `age` and `age-keygen` to be in your path. - -Check over `dpw init --help` for more options when initalizing the store. - -Environment variables: - - * `DPW_AGE_DIR=$HOME/.dpw-age` - * Default directory for storage - * `DPW_AGE_KEY=$HOME/.dpw-age-key` - * default key file - * `PASSWORD_STORE_UMASK=077` - * Umask for files created - * `DPW_AGE_RECIPIENTS` - * If set, no `.recipients` files are read and encryption will be to the keys - specified - - -NOTE: Because there's no agent passphrase protected keys are going to be -somewhat of a pain to use with this. Having a password manager with the -key sitting on disk right next to the files sort of defeats the purpose. - -It's still perhaps useful in the sense that the requirements for setup -are minimal and you don't have to deal with dragging GPG around. - -The Go library is available so in theory it wouldn't be hard to write -a self-contained backend that kept the key in memory. If made setgid -nobody it'll prevent your regular user from being able to extract the -keys from memory. |