I was searching for a new password manager for all my devices and even the server. Thanks to Matthias Fassl [1], who pointed out a cool tool, “passwordstore” [2].
It follows the "keep it simple, stupid" principle, but is handy enough to manage all the desired passwords and secrets. In combination with some kewl password generators like “pwqgen” [3], it is really easy to manage a bunch of passwords.
And if you regularly change your private key, here is a useful script for updating the whole vault:
#!/bin/bash
# updatePasswdStore.sh
set -o pipefail # A failed decryption must fail the whole re-encryption pipeline.
SENSE=$2
ONE=1 # For getting singular/plural right (see below).
number=0 # Keeps track of how many files were actually processed.
EXPECTED_ARGS=4
if [ $# -ne $EXPECTED_ARGS ] || { [ "$1" != "--test" ] && [ "$1" != "--force" ]; }
then
    echo "NAME"
    echo -e "\tupdatePasswdStore - Updating gpg encrypted Password files with new key\n"
    echo "Synopsis"
    echo -e "\t$(basename "$0") --force|--test FILEPATTERN NEWKEY pathname\n"
    echo "Examples"
    echo -e "\t$(basename "$0") --test gpg F52048C0C0748FEE227D47A2702353E0F7E48BDB /home/user/.password-store"
    echo -e "\t\tonly shows which files will be updated in the directory /home/user/.password-store\n"
    echo -e "\t$(basename "$0") --force gpg DEEC310D4A6F392BF313FCDAC631EB6EFBD889B5 /home/user/.password-store"
    echo -e "\t\tencrypting the files with \"gpg\" in the directory /home/user/.password-store with the new key\n"
    exit 1
fi
# The new key must be available as a secret key, otherwise the vault becomes unreadable.
n=$(gpg -K "$3" 2>/dev/null)
if [ -z "$n" ]; then
    echo "$3 is no valid secret key! You wouldn't be able to decrypt your passwords :-("
    exit 2
fi
if [ -d "$4" ]; then
    echo "Searching for files with \"$SENSE\" in $4 ..."
else
    echo "Directory $4 doesn't exist!"
    exit 3
fi
# Keep the file list in a private temp file that is removed on every exit path.
list=$(mktemp) || exit 4
trap 'rm -f "$list"' EXIT
# Quote the pattern so the shell doesn't expand it; skip git metadata and .gpg-id.
find "$4" -name .git -prune -o -type f -name "*$2*" ! -name ".gpg-id" -print > "$list"
while IFS= read -r file; do
    if [ "$1" = "--test" ]
    then
        echo "$file will be updated" # Dry run ...
    else
        echo "Updating $file with new key ..."
        # Decrypt and re-encrypt through a pipe, so the plaintext never touches the disk.
        if gpg -d "$file" | gpg --batch --yes -e -r "$3" -o "$file.new"; then
            mv "$file.new" "$file"
        else
            echo "Updating $file failed, keeping the old version!" >&2
            rm -f "$file.new"
            continue
        fi
    fi
    number=$((number+1))
done < "$list"
if [ "$1" = "--test" ]
then
    if [ "$number" -eq "$ONE" ]; then # For correct grammar.
        echo "$number file will be updated."
    else
        echo "$number files will be updated."
    fi
    if [ -f "$4/.gpg-id" ]; then
        echo "New Key ID will be written into $4/.gpg-id"
    fi
    if [ -d "$4/.git" ]; then
        echo "Changes will be committed and pushed ..."
        git -C "$4" status
    fi
else
    if [ "$number" -eq "$ONE" ]; then # For correct grammar.
        echo "$number file updated."
    else
        echo "$number files updated."
    fi
    if [ -f "$4/.gpg-id" ]; then
        echo "$3" > "$4/.gpg-id"
        echo "New Key ID is written into $4/.gpg-id"
    fi
    if [ -d "$4/.git" ]; then
        echo "Changes will be committed and pushed ..."
        git -C "$4" commit -a -m "New Key was applied!"
        git -C "$4" push
    fi
fi
exit 0
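A follow-up check after a key change, added here as an example and not part of the original script: it lists every vault file that is still encrypted to a key other than the new one. The function names and the script name auditStore.sh are assumptions made for this example; it assumes file names without newlines.

```bash
#!/bin/bash
# Added example (not from the original post): after a key change, check that
# no store entry is still encrypted to another key. GnuPG records the
# encryption *subkey* ID in each file, not the primary key's fingerprint.

# enc_keyids: stdin = output of `gpg --list-keys --with-colons KEY`.
# Prints the long IDs of non-revoked, non-expired (sub)keys that can encrypt.
enc_keyids() {
    awk -F: '($1 == "pub" || $1 == "sub") && $2 !~ /^[re]$/ && $12 ~ /e/ { print $5 }'
}

# recipients: stdin = output of `gpg --list-packets`.
# Prints the key ID of every public-key encrypted session key packet.
recipients() {
    sed -n 's/^:pubkey enc packet:.* keyid \([0-9A-Fa-f]\{16\}\).*/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# unexpected_recipients ALLOWED: stdin = output of `gpg --list-packets`.
# Prints the recipients that are not in the whitespace-separated ALLOWED list.
unexpected_recipients() {
    want=" $(echo $1 | tr 'a-f' 'A-F') "
    recipients | while read -r id; do
        case "$want" in
            *" $id "*) ;;
            *) echo "$id" ;;
        esac
    done
}

# audit_store DIR KEY: returns 1 if a *.gpg file has an unexpected recipient.
audit_store() {
    allowed=$(gpg --batch --list-keys --with-colons "$2" | enc_keyids)
    [ -n "$allowed" ] || { echo "no usable encryption key for $2" >&2; return 2; }
    report=$(find "$1" -name .git -prune -o -type f -name '*.gpg' -print |
        while IFS= read -r file; do
            # --list-only skips the decryption, so no passphrase is needed.
            bad=$(gpg --batch --list-only --list-packets "$file" 2>/dev/null |
                unexpected_recipients "$allowed")
            [ -z "$bad" ] || echo "$file: still encrypted to" $bad
        done)
    [ -z "$report" ] || { echo "$report"; return 1; }
}

# Usage (hypothetical script name): ./auditStore.sh ~/.password-store NEWKEY
if [ $# -eq 2 ]; then audit_store "$1" "$2"; fi
```

Files written with hidden recipients show the key ID 0000000000000000 and are reported as well.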
Have fun!
[1] https://n0g.at/
[2] https://www.passwordstore.org/
[3] http://nerdbynature.de/s9y/2014/09/09/On-Password-Strength