README.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# password ass (pa)
A simple password manager using [age](https://github.com/FiloSottile/age) written in POSIX `sh`. Based on [pash](https://github.com/dylanaraps/pash) by [dylanaraps](https://github.com/dylanaraps).
- Automatically generates an `age` key if one is not detected.
- Written in safe and [shellcheck](https://www.shellcheck.net/) compliant POSIX `sh`.
- Only `120~` LOC (*minus blank lines and comments*).
- Configurable password generation using `/dev/urandom`.
- Guards against `set -x`, `ps` and `/proc` leakage.
- Easily extendible through the shell.
- Ability to edit passwords using `$EDITOR`
## Table of Contents
<!-- vim-markdown-toc GFM -->
* [Dependencies](#dependencies)
* [Usage](#usage)
* [FAQ](#faq)
* [Where are passwords stored?](#where-are-passwords-stored)
* [How do I rename an entry?](#how-do-i-rename-an-entry)
* [How can I extend pa?](#how-can-i-extend-pa)
<!-- vim-markdown-toc -->
## Dependencies
- `age`
## Usage
Examples: `pa add web/gmail`, `pa list`, `pa del facebook`, `pa show github`, `pa edit sourcehut`.
```
USAGE
pa 0.1.0 - age-based password manager
=> [a]dd [name] - Create a new password, randomly generated
=> [d]el [name] - Delete a password entry.
=> [e]dit [name] - Edit a password entry with vim.
=> [l]ist - List all entries.
=> [r]otate - Generate a new age key, re-encrypt all passwords.
=> [s]how [name] - Show password for an entry.
Password length: export PA_LENGTH=50
Password pattern: export PA_PATTERN=_A-Z-a-z-0-9
Store location: export PA_DIR=~/.local/share/pa
```
## FAQ
### How does this differ from `pass` or etc?
I was looking for a shell-based password manager that used age. Actually, see my blog post if you're really that curious:
https://j3s.sh/thoughts/storing-passwords-with-age.txt
### Where are passwords stored?
The passwords are stored in `age` encrypted files located at `${XDG_DATA_HOME:=$HOME/.local/share}/pa}`.
### How do I change the password store location?
Set the environment variable `PA_DIR` to a directory.
```sh
# Default: '~/.local/share/pa'.
export PA_DIR=~/.local/share/pa
# This can also be used as a one-off.
PA_DIR=/mnt/drive/pa pa list
```
### How do I rename an entry?
It's a file! Standard UNIX utilities can be used here.
### How can I extend `pa`?
A shell function can be used to add new commands and functionality to `pa`. The following example adds `pa git` to execute `git` commands on the password store.
```sh
pa() {
case $1 in
g*)
cd "${PA_DIR:=${XDG_DATA_HOME:=$HOME/.local/share}/pa}"
shift
git "$@"
;;
*)
command pa "$@"
;;
esac
}
```