# dpw the dynamic password manager

Inspired by [`pass`](https://www.passwordstore.org/) and designed to be partly compatible out of the box. The main point of this is to provide a somewhat familiar command line interface for pluggable backends. For instance, one could write a plugin that talks to LastPass, Bitwarden, HashiCorp's Vault, or similar.

There are some mild changes in the interface from `pass`; a full list of commands and options is available with the `-h` command line flag.

The environment variable `DPW_BACKEND` defaults to `dpw-gpg`, which provides the `pass` compatible backend. Since it's just a call to another executable, the backends can be written in any language.

## Backends

The `dpw-gpg` shell script should be short enough to read to give you an idea for implementing your own. That being said, the interface is blindingly simple. Accept the following four commands:

* list
  * Dump a list of the available keys. Supporting arguments for sub keys may be preferred by users but isn't necessary; `find` will still work for them.
* insert ``
  * Read from stdin
* show ``
  * Dump to stdout
* rm ``
* init ( optional )

`dpw` will take care of all the additional commands by wrapping the four above as needed.

## dmenu script

There's also a small dmenu script included that makes copying or typing out passwords and OTP tokens very quick and easy.

# [age](https://github.com/FiloSottile/age) backend

Pretty similar to the GPG backend, except it uses the new `age` tool as the backend.

The usage should be straightforward: install the utility and then set `DPW_BACKEND=dpw-age` in your environment. It will not clobber any GPG based password store you have unless you explicitly override `DPW_AGE_DIR`.

It expects `age` and `age-keygen` to be in your path. Check over `dpw init --help` for more options when initializing the store.
Environment variables:

* `DPW_AGE_DIR=$HOME/.dpw-age`
  * Default directory for storage
* `DPW_AGE_KEY=$HOME/.dpw-age-key`
  * Default key file
* `PASSWORD_STORE_UMASK=077`
  * Umask for files created
* `DPW_AGE_RECIPIENTS`
  * If set, no `.recipients` files are read and encryption will be to the keys specified

NOTE: Because there's no agent, passphrase-protected keys are going to be somewhat of a pain to use with this. Having a password manager with the key sitting on disk right next to the files sort of defeats the purpose. It's still perhaps useful in the sense that the requirements for setup are minimal and you don't have to deal with dragging GPG around.

The Go library is available, so in theory it wouldn't be hard to write a self-contained backend that kept the key in memory. If made setgid nobody, it'll prevent your regular user from being able to extract the keys from memory.
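
The on-disk key risk described in the note can be checked mechanically. The script below is an added example, not part of dpw: it audits the key file and store for group/other permissions, an unencrypted `age` identity, and a key kept inside the store directory. The function name `dpw_age_audit`, the finding labels and the in-store check are assumptions made for this example; the default paths are the ones listed under the environment variables.

```sh
#!/bin/sh
# Added example, not part of dpw: audit a dpw-age setup for the key-on-disk
# risks in the NOTE above. Paths default to the README's documented values.

# Permission bits of a path in octal (GNU stat first, BSD stat as fallback).
mode_of() { stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"; }

# Prints one finding per line; returns 0 when clean, 1 otherwise.
dpw_age_audit() {
    key=${DPW_AGE_KEY:-$HOME/.dpw-age-key}
    store=${DPW_AGE_DIR:-$HOME/.dpw-age}
    rc=0
    for p in "$key" "$store"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        m=$(mode_of "$p")
        # PASSWORD_STORE_UMASK=077 should leave no group/other bits set.
        case $m in
            *00|0) ;;
            *) echo "PERMS $p has mode $m (group/other access)"; rc=1 ;;
        esac
    done
    # An unencrypted age identity carries its secret on an AGE-SECRET-KEY-1 line.
    if [ -f "$key" ] && grep -q '^AGE-SECRET-KEY-1' "$key"; then
        echo "PLAINTEXT $key is not passphrase protected"; rc=1
    fi
    # A key inside the store is copied along with every backup or sync of it.
    case $key in
        "$store"/*) echo "COLOCATED $key lives inside $store"; rc=1 ;;
    esac
    return "$rc"
}

# Audit the current user's setup; findings are informational here.
dpw_age_audit || true
```

A `PLAINTEXT` finding is expected with the default setup, since the note explains why passphrase-protected keys are awkward without an agent; treat it as a reminder of where the key must not be copied.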