Diffstat (limited to 'readme.md')
| -rw-r--r-- | readme.md | 49 |
1 files changed, 42 insertions, 7 deletions
@@ -1,13 +1,10 @@ # dpw the dynamic password manager Inspired by [`pass`](https://www.passwordstore.org/) and designed to be -compatible out of the box. +partly compatible out of the box. -The main point of this is to provide a somewhat familiar interface for -pluggable backends. Secondary benefits that people may be interested in is the -ISC license, so you can modify the `dpw` script without giving me your changes -even if you use it in a commercial product. ( Though, it might be appreciated to -get code back! ) +The main point of this is to provide a somewhat familiar command line interface +for pluggable backends. For instance, one could write a plugin that talks to Lastpass, Bitwarden Hasicorp's Vault, or similar. 
@@ -35,12 +32,50 @@ simple, accept the following four commands: * show `<key>` * Dump to stdout * rm `<key>` + * init ( optional ) `dpw` will take care of all the additional commands by wrapping the four above as needed. - ## dmenu script There's also a small dmenu script included that makes copying or typing out passwords and OTP tokens very quick and easy + + +# [age](https://github.com/FiloSottile/age) backend + +Pretty similar to the GPG backend, except it uses the new `age` tool as +the backend. The usage should be straightforward, install the utility +and then set `DPW_BACKEND=dpw-age` in your environment. It will not +clobber any GPG based password store you have unless you explicitly +override `DPW_AGE_DIR` + +It expects `age` and `age-keygen` to be in your path. + +Check over `dpw init --help` for more options when initalizing the store. + +Environment variables: + + * `DPW_AGE_DIR=$HOME/.dpw-age` + * Default directory for storage + * `DPW_AGE_KEY=$HOME/.dpw-age-key` + * default key file + * `PASSWORD_STORE_UMASK=077` + * Umask for files created + * `DPW_AGE_RECIPIENTS` + * If set, no `.recipients` files are read and encryption will be to the keys + specified + + +NOTE: Because there's no agent passphrase protected keys are going to be +somewhat of a pain to use with this. Having a password manager with the +key sitting on disk right next to the files sort of defeats the purpose. + +It's still perhaps useful in the sense that the requirements for setup +are minimal and you don't have to deal with dragging GPG around. + +The Go library is available so in theory it wouldn't be hard to write +a self-contained backend that kept the key in memory. If made setgid +nobody it'll prevent your regular user from being able to extract the +keys from memory. |
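Review bot: In the first hunk (@@ -1,13 +1,10 @@), the new intro line "+partly compatible out of the box." does not say which parts of `pass` behaviour are not compatible, so a user migrating an existing store cannot tell what to expect. Please add a sentence or a short list naming the known differences. The same hunk deletes the only mention of the ISC license in the visible readme text; if the license is not stated elsewhere in the readme, keep a one-line license note. While touching this paragraph, the context line "Lastpass, Bitwarden Hasicorp's Vault" is missing a comma after Bitwarden and misspells HashiCorp.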
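Review bot: In the second hunk (@@ -35,12 +32,50 @@), the NOTE near the end admits that the key sits "on disk right next to the files", and the documented defaults (`DPW_AGE_KEY=$HOME/.dpw-age-key`, `DPW_AGE_DIR=$HOME/.dpw-age`) put both in the same home directory, yet this warning only appears after the environment variable list. Move it up to the start of the age backend section and say what protection the store still gives with an unprotected key, and whether `PASSWORD_STORE_UMASK=077` also applies to the key file that `init` creates or only to the store entries. The closing claim that a setgid nobody binary will "prevent your regular user from being able to extract the keys from memory" is stated as fact about a backend that does not exist yet; word it as untested or explain the mechanism it relies on. Smaller points in the same hunk: adding "+ * init ( optional )" makes five list entries while the surrounding text still says "the following four commands" and "wrapping the four above"; the new heading uses a single `#` although the sibling section is `## dmenu script`; "initalizing" should be "initializing"; and "Because there's no agent passphrase protected keys" needs a comma after "agent".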
