blob: faf1c7eb531d40755ddffe5e6381d0b34c1fa3bc (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
# dpw the dynamic password manager
Inspired by [`pass`](https://www.passwordstore.org/) and designed to be
partly compatible out of the box.
The main point of this is to provide a somewhat familiar command line interface
for pluggable backends.
For instance, one could write a plugin that talks to Lastpass, Bitwarden
Hasicorp's Vault, or similar.
There are some mild changes in the interface from `pass`, a full list
of commands and options are available with the `-h` command line flag.
The environment variable `DPW_BACKEND` defaults to `dpw-gpg` which provides
the `pass` compatible backend. Since it's just a call to another executable
the backends can be written in any language.
I can also highly recommend my blog post on [GnuPG / GPG / PGP on a Yubikey](
https://riedstra.dev/2021/08/pgp-yubikey). That way your private key isn't
even exposed to your computer, only the utilization of it is.
## Usage under Wayland
Requires `wl-clipboard` package for copying, and `wtype` for the type
functionality.
If for some reason it doesn't detect wayland try setting
`XDG_SESSION_TYPE=wayland`.
## dmenu script
There's also a small dmenu script included that makes copying or typing
out passwords and OTP tokens very quick and easy ( `oath-toolkit` in most package
managers )
If you wish to use something other than `dmenu` it's best to drop a compatible
wrapper somewhere earlier in your path. ( This is actually how I use `bemenu` in
Wayland whenever a script calls dmenu )
## Backends
The `dpw-gpg` shell script should be short enough to read to give you an
idea for implementing your own. That being said the interface is blindingly
simple, accept the following four commands:
* list
* dump a list of the available keys, supporting arguments for sub keys
may be preferred by users but isn't necessary, `find` will still work
for them.
* insert `<key>`
* Read from stdin
* show `<key>`
* Dump to stdout
* rm `<key>`
There are a couple of optional commands backends can implement
* sync
* init
`dpw` will take care of all the additional commands by wrapping the four
above as needed.
## Age with yubikey plugin
Under Arch for example:
```
# pacman -S age age-plugin-yubikey pcsc-tools ccid
# systemctl enable pcscd
# systemctl start pcscd
```
### It walks you through the setup:
```
$ age-plugin-yubikey
```
### Fetching the key for use with dpw:
```
$ age-plugin-yubikey -i --slot 1 > ~/.dpw-age-key
```
|
