
make show/edit more resilient, commit 1st rotation draft
j3s j3s@c3f.net
Thu, 28 Jan 2021 15:36:41 -0600
commit

dd924016c237ed1200c9869af85819c83a8ba751

parent

705565a04c4ab818dfe693ab4439c2e5b20fb383

1 files changed, 32 insertions(+), 13 deletions(-)

M bin/pabin/pa

@@ -49,26 +49,42 @@ EOF

printf '%s\n' "Saved '$name' to the store." } +pw_rotate() { + if yn "Generate a new key and re-encrypt all of your passwords?"; then + mkdir -p ~/.age + printf "Old key saved at ~/.age/key.txt.bak" + mv ~/.age/key.txt ~/.age/key.txt.bak + age-keygen -o ~/.age/key.txt + + cd "$PA_DIR" + for pass in *; do + printf "$pass\n" + ls -l "$pass" + cat "$pass" + done + + printf "Completed rotation\n" + fi +} + pw_edit() { name=$1 - if [ ! -f "$name.age" ]; then - die "Failed to access $name" - fi + [ -f "$name.age" ] || die "Failed to access $name" # we use /dev/shm because it's an in-memory # space that we can use to store private data, # and securely wipe it without worrying about # residual badness - if [ ! -d /dev/shm ]; then - die "Failed to access /dev/shm" - fi + [ -d /dev/shm ] || die "Failed to access /dev/shm" mkdir -p /dev/shm/pa trap 'rm -rf /dev/shm/pa' EXIT tmpfile="/dev/shm/pa/$name.txt" - age -i ~/.age/key.txt --decrypt "$1.age" > "$tmpfile" + age -i ~/.age/key.txt --decrypt "$1.age" 2>/dev/null > "$tmpfile" || + die "Could not decrypt $1.age" + "${EDITOR:-vi}" "$tmpfile" if [ ! -f "$tmpfile" ]; then

@@ -91,7 +107,8 @@ }

} pw_show() { - age -i ~/.age/key.txt --decrypt "$1.age" + age -i ~/.age/key.txt --decrypt "$1.age" 2>/dev/null || + die "Could not decrypt $1.age" } pw_list() {

@@ -163,6 +180,7 @@ => [a]dd [name] - Create a new password, randomly generated

=> [d]el [name] - Delete a password entry. => [e]dit [name] - Edit a password entry with $EDITOR. => [l]ist - List all entries. +=> [r]otate - Generate a new age key, re-encrypt all passwords. => [s]how [name] - Show password for an entry. Password length: export PA_LENGTH=50 Password pattern: export PA_PATTERN=_A-Z-a-z-0-9

@@ -216,11 +234,12 @@ # state on exit or Ctrl+C.

[ -t 1 ] && trap 'stty echo icanon' INT EXIT case $1 in - a*) pw_add "$2" ;; - d*) pw_del "$2" ;; - e*) pw_edit "$2" ;; - s*) pw_show "$2" ;; - l*) pw_list ;; + a*) pw_add "$2" ;; + d*) pw_del "$2" ;; + e*) pw_edit "$2" ;; + s*) pw_show "$2" ;; + l*) pw_list ;; + r*) pw_rotate ;; *) usage esac }
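Review bot: pw_rotate in the first hunk moves `~/.age/key.txt` aside and generates a new identity before anything is re-encrypted — the loop only prints and `cat`s each ciphertext — yet the last hunk already dispatches `r*)` to it and the usage text advertises it, so a user who runs `pa rotate` is left with a store that only `key.txt.bak` can decrypt, and a second run would `mv` over that backup as well. Generate the new identity to a separate path, re-encrypt every entry into a sibling file, and swap the key files only after every entry has been rewritten; hold the plaintext in a variable rather than a pipeline, since POSIX sh reports only the last command's status and a failed decrypt would otherwise be re-encrypted as an empty entry. `printf "$pass\n"` also treats the entry name as a format string, so use `printf '%s\n' "$pass"` as the rest of the file does, and check the `cd "$PA_DIR"` the way pw_edit checks its paths. If pw_add reads the recipient from a separate public-key file (not visible in this diff) that would need regenerating too; the sketch below derives the recipient with `age-keygen -y`, which requires an age release that supports that flag.
```shell
pw_rotate() {
    yn "Generate a new key and re-encrypt all of your passwords?" || return

    mkdir -p ~/.age
    newkey=~/.age/key.txt.new
    age-keygen -o "$newkey" || die "Failed to generate a new key"
    newpub=$(age-keygen -y "$newkey") || die "Failed to read the new public key"

    cd "$PA_DIR" || die "Failed to access $PA_DIR"

    # Re-encrypt into sibling files first; the store and the key are only
    # switched over once every entry has been rewritten, so a failure
    # part-way leaves everything readable with the old key.
    for pass in *.age; do
        [ -f "$pass" ] || continue
        printf '%s\n' "$pass"
        plain=$(age -i ~/.age/key.txt --decrypt "$pass") ||
            die "Could not decrypt $pass"
        printf '%s\n' "$plain" | age -r "$newpub" -o "$pass.new" ||
            die "Could not re-encrypt $pass"
    done
    unset plain

    for pass in *.age; do
        [ -f "$pass.new" ] && mv "$pass.new" "$pass"
    done

    mv ~/.age/key.txt ~/.age/key.txt.bak
    mv "$newkey" ~/.age/key.txt
    printf '%s\n' "Old key saved at ~/.age/key.txt.bak"
    printf '%s\n' "Completed rotation"
}
```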