Password managers have become a big deal with all the recent events (Heartbleed, NSA, …). Most people seem to be using BLOB-based password managers nowadays (TrueCrypt, KeePass, 1Password, …) but I think they suck.
They require me to carry a blob around or (even worse) upload it to a storage service (e.g. Dropbox). They’re not usable from the command line. And they’re (mostly) awkward on a mobile device.
I’m using vault with a few additions. The basic idea is that passwords are computed from a secret (your master key) and an arbitrary service name.
For example, to access my GitHub password, I use the service name “github” and my master key.
I thus wrote two little scripts:
This one (I call it passme) uses the Node.js vault program from @jcoglan to generate a service password (prompting interactively for the master key) and pipes it into xsel -b (which puts it in the clipboard). This does not leave any trace on the machine (except for the service name), so I don’t care about prying eyes.
After having used my password, I have another script, which basically just clears my password from the clipboard.
I have an extremely simple flow when working on the command line.