costypetrisor / passpie

:closed_lock_with_key: Passpie manages encrypted login credentials from terminal

Home Page:https://git.io/passpie

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Passpie: Manage login credentials from terminal

Passpie lets you manage login credentials from the terminal with a colorful/configurable cli interface. Password files are saved into yaml text files with passwords as GnuPG encrypted strings. Use your master passphrase to decrypt login credentials, copy passwords to clipboard and more...

Passpie console interface

Passpie is built with Click and Tabulate for its interface, TinyDB for its database and python-gnupg for its encryption using gpg. Passpie is also inspired by great cli applications like git and httpie


pypi unix_build windows_build coverage


Features

  • Console interface
  • Manage multiple databases
  • Add, update, remove credentials
  • Copy passwords to clipboard
  • List credentials as a table
  • List credentials with a colored output
  • Search credentials by name, login or comments
  • Search with regular expression
  • Group credentials by name
  • Configuration from file. ~/.passpie
  • Change passphrase and re-encrypt database
  • Export Passpie database to plain text file
  • Import plain text Passpie database
  • Import credentials from Pysswords
  • Randomly generated credential passwords
  • Configurable random password generation
  • Generate database status report
  • Bulk remove credentials
  • Bash/Zsh completion
  • Undo/Redo changes to the database. (requires git)

Planned features:

  • Bulk update credentials
  • Import plain text credentials from Keepass
  • Import plain text credentials from 1Password

Quickstart

# initialize a passpie database
passpie init

# add some credentials
passpie add foo@example.com
passpie add bar@example.com

# add some credential with random passwords
passpie add bar@github.com --random
passpie add spam@egg --random
passpie add foo@github.com --random
passpie add bar@github.com --random

# add spam@egg with random password and copy to clipboard
passpie add spam@egg.local --random --copy

# edit credential "foo@example.com"
passpie update foo@example.com

# copy password from credential "foo@example.com" to clipboard
passpie copy foo@example.com

# search credentials by string "exam"
passpie search exam

# search credentials using regular expressions
passpie search 'foo|bar'

# remove some credentials
passpie remove foo@example.com
passpie remove foo@github.com

# see the database change history
passpie log

# reset to a previous version of the database
passpie --reset-to 5

# check database status
passpie status

# print all credentials as a table with hidden passwords
passpie

# shows help. Option `--help`
passpie --help

Installation

Dependencies

Stable version

Using pip

pip install passpie

On a mac you can install it with homebrew

brew install passpie

Development version

The latest development version can be installed directly from GitHub:

pip install --upgrade https://github.com/marcwebbie/passpie/tarball/master

Tutorials

Diving into fullname syntax

Passpie credentials are referenced by fullname. fullname syntax handles login and name for credentials in one go for faster adding and querying of credentials.

Structure of a fullname

Fullnames are composed of login@name. Login is optional. If you don't pass any login when adding new credentials, credential login will be replaced by a _ character:

passpie add @banks/mybank --password 1234
passpie add @banks/myotherbank --password 5678

Listing credentials:

$ passpie
=================  =======  ==========  =========
Name               Login    Password    Comment
=================  =======  ==========  =========
banks/mybank       _        *****
banks/myotherbank  _        *****
=================  =======  ==========  =========

Since login is optional. You can query credentials using only name syntax, for example to update credential @banks/mybank:

passpie update @banks/mybank --random

Or even better, without using the @ notation:

passpie update banks/mybank --random

Version control your database

Passpie by default will create a git repository on database initialization if git is available.

passpie init

To see the changes history, use passpie log command:

passpie log

example output:

[13] Updated foo@bar
[12] Updated foo@bar
[11] Reset database
[10] Removed foozy@bar
[9] Updated hello@world
[8] Added hello@world
[7] Added foozy@bar
[6] Updated test@github
[5] Added foozy@bazzy
[4] Updated test@github
[3] Added foo@bar
[2] Added spam@egg
[1] Added test@github
[0] Initialized database

Going back to a previous version of the database changes.

If you want to go back to a previous version of the database history: passpie --reset-to N where N is the index of the change.

passpie log --reset-to 5

Attention: this is an operation that destroys data. Use it with caution. It is equivalent to do git reset --hard

Initializing a git repository on an existing passpie database:

passpie log --init

or if you have multiple databases:

passpie -D other_database log --init

This will create a git repository on passpie directory and create an initial commit Initialized database

Avoiding git initialization

If you don't want to create a git repository on the passpie database. Initialize passpie with --no-git flag:

passpie init --no-git

Syncing your database

Dropbox

With default path ~/.passpie and a Dropbox shared directory on path ~/Dropbox

mv ~/.passpie ~/Dropbox/passpie    # move passpie db to Dropbox
ln -s ~/Dropbox/passpie ~/.passpie # make a link to the db

Google Drive

With default path ~/.passpie and a Google Drive shared directory on path ~/GoogleDrive

mv ~/.passpie ~/GoogleDrive/passpie   # move passpie db to Google Drive
ln -s ~/GoogleDrive/passpie ~.passpie # make a link to the db

Exporting a passpie database

passpie export passpie.db

Importing a passpie database

passpie import passpie.db

Grouping credentials by name

Passpie credentials handles multiple logins for each name which groups credentials by name:

# add some credentials
passpie add jonh@example.com --comment "Jonh main mail" --random
passpie add doe@example.com --comment "No comment" --random

Listing credentials:

$ passpie
===========  =======  ==========  ===============
name         login    password    comment
===========  =======  ==========  ===============
example.com  doe      *****       No comment
example.com  jonh     *****       Jonh main email
===========  =======  ==========  ===============

Subgroups

Fullname syntax supports subgrouping of credentials by name

passpie add foo@opensource/github.com --random
passpie add foo@opensource/python.org --random
passpie add foo@opensource/bitbucket.org --random
passpie add foo@opensource/npm.org --random

Listing credentials:

$ passpie
========================  =======  ==========  =========
Name                      Login    Password    Comment
========================  =======  ==========  =========
opensource/bitbucket.org  foo      *****
opensource/github.com     foo      *****
opensource/npm.org        foo      *****
opensource/python.org     foo      *****
========================  =======  ==========  =========

Multiple databases

Sometimes it is useful to have multiple databases with different passphrases for higher security. This can be done using -D or --database option.

Creating databases

passpie -D ~/credentials/personal init
passpie -D ~/credentials/work init
passpie -D ~/credentials/junk init

Adding passwords to specific database

passpie -D ~/credentials/personal add johnd@github.com --random
passpie -D ~/credentials/work add john.doe@example.com --random
passpie -D ~/credentials/junk add fake@example.com --random

Listing passwords from specific database

$ passpie -D ~/databases/junk
===========  =======  ==========  =========
Name         Login    Password    Comment
===========  =======  ==========  =========
example.com  fake     *****
===========  =======  ==========  =========

Passpie completion

You can activate passpie completion for bash or zsh shells

Check the generated script with passpie complete.

bash

Add this line to your .bash_profile or .bashrc

if which passpie > /dev/null; then eval "$(passpie complete)"; fi

fish

Add this line to your ~/.config/fish/config.fish

if which passpie > /dev/null 2>&1; eval (passpie complete | tr '\n' ';'); end

zsh

Add this line to your .zshrc or .zpreztorc

if which passpie > /dev/null; then eval "$(passpie complete)"; fi

Configuring passpie with .passpierc

You can override default passpie configuration with a .passpierc file on your home directory. Passpie configuration files must be written as a valid yaml file.

Example .passpierc:

path: /Users/john.doe/.passpie
short_commands: true
genpass_length: 32
genpass_symbols: "_-#|+= "
table_format: fancy_grid
headers:
  - name
  - login
  - password
  - comment
colors:
  login: green
  name: yellow
  password: cyan

Global configuration

path =

default ~/.passpie

Path to passpie database

short_commands = (true | false)

default false

Use passpie commands with short aliases. Like passpie a for passpie add

genpass_length =

default: 32

Length of randomly generated passwords with option --random

genpass_symbols =

default: "_-#|+= "

Symbols used on random password generation

table_format = (fancy_grid | rst | simple | orgtbl | pipe | grid | plain | latex)

default: fancy_grid

Table format when listing credentials

headers = (name | login | password | comment | fullname)

default:

headers:
  - name
  - login
  - password
  - comment
colors = (green | red | blue | white | cyan | magenta | yellow)

default:

colors:
  name: yellow
  login: green
git = (true | false)

default: true

Create a git repository on the database directory when git is available.

learn more

search_automatic_regex = (true | false)

default: false

Automatically transform the search pattern into a regex if the search pattern is a word (ie: add .* prefix and suffix)

status_repeated_passwords_limit=

default: 5

Set an upper limit to display the number of credentials with the same password instead of displaying the credentials themselves. This is avoid the uggly table rendering when the passords list doesn't fit on one line. Currently Tabulate doesn't handle line wraps.

Under The Hood

Encryption

Encryption is done with GnuGPG using AES256. Take a look at passpie.crypt module to know more.

Database Path

The default database path is at ~/.passpie. If you want to change the database path, add --database option to passpie. Together with init you can create arbitrary databases.

passpie --database "/path/to/another/database/" init

Database structure

Passpie database is structured in a directory hierarchy. Every credential is a .pass file inside a directory named after a credential group.

An empty database would look like this:

passpie --database /tmp/passpie init

tree /tmp/passpie -la
# /tmp/passpie
# └── .keys

After adding a new credential the database would look like this:

passpie --database /tmp/passpie add octocat@github.com
# Password: **********

tree /tmp/passpie -la
# /tmp/passpie
# ├── .keys
# └── github.com
#     └── octocat.pass

If we add more credentials to group github.com. Directory structure would be:

passpie --database /tmp/passpie add octocat2@github.com
# Password: **********

tree /tmp/passpie -la
# /tmp/passpie
# ├── .keys
# └── github
#     └── octocat.pass
#     └── octocat2.pass

Contributing

Feel free to comment, open a bug report or ask for new features on Passpie issues page or over Twitter.

If you want to contributing with code:

Common issues

TypeError: init() got an unexpected keyword argument 'binary'

You probably have the python-gnupg package installed. Passpie depends on isislovecruft fork of python-gnupg

To fix:

pip uninstall python-gnupg
pip install -U passpie

'GPG not installed. https://www.gnupg.org/'

You don't have gpg installed or it is not working as expected

Make sure you have gpg installed:

Ubuntu:

sudo apt-get install gpg

OSX:

brew install gpg

xclip or xsel not installed

You don't have copy to clipboard support by default on some linux distributions.

Ubuntu:

sudo apt-get install xclip

passpie init hangs

Sometimes it takes a long time because of entropy on the host machine. It was noticed a long time on an ubuntu server(even more if it is a virtual machine). You could try using haveged to generate enough entropy.

On ubuntu:

sudo apt-get install haveged

You could also try this solution right here: http://serverfault.com/questions/214605/gpg-not-enough-entropy

License (MIT License)

The MIT License (MIT)

Copyright (c) 2014-2015 Marc Webbie, http://github.com/marcwebbie

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

:closed_lock_with_key: Passpie manages encrypted login credentials from terminal

https://git.io/passpie


Languages

Language:Python 97.1%Language:Makefile 2.9%