I recently came across
post on using vim as a password manager
so I thought I'd post a companion article on using
as a password manager.
The main goal is to be able to keep the secrets encrypted at all
times on disk, only decrypting within the active
OpenBSD removed it in revision 1.37 of
that allows for weak DES encryption of the file. However, we
want stronger encryption and portability between various versions
so will ignore this option.
Writing our encrypted password file to disk
To begin, we'll open up
and add some password content
user@hostname$ ed a https://example.com Username: demo Password: Pa$$w0rd1 imaps://example.edu Username: email@example.com Password: ed(1)uc8 .
Now, instead of writing the unencrypted password file, we'll use
to encrypt the file and write it out to the disk by piping the
instructing it to write to our password file.
Note the trailing "-" which tells
to read the input from
will prompt for a passphrase and confirmation of that password.
w !gpg --symmetric --output passwords.gpg - Enter passphrase: Password1 Repeat passphrase: Password1 127
informs us that it successfully piped our 127 bytes of data
but we can confirm that the
file was written and then we can quit to go about our day:
!ls passwords.gpg passwords.gpg ! q
Reading our encrypted password file from disk
Now, we want to be able to look up a password to enter at some
future point. So we fire up
and decrypt our passwords.
user@hostname$ ed r !gpg --decrypt passwords.gpg Enter passphrase: Password1
We want to look up our log-in credentials for our email server so we issue
?imap.*edu imaps://example.edu + Username: firstname.lastname@example.org + Password: ed(1)uc8 Q
can be replaced with just hitting
"<Enter>") Alternatively, we could use
to filter the results and show some context:
user@hostname$ gpg --decrypt passwords.gpg | grep -A2 example.com Enter passphrase: Password1 https://example.com Username: demo Password: Pa$$w0rd1 user@hostname$ gpg --decrypt passwords.gpg | sed -n '/example.com/,/^$/p' Enter passphrase: Password1 https://example.com Username: demo Password: Pa$$w0rd1
Modifying our password lists
Now we want to modify our document and/or change our master-password:
user@hostname$ ed r !gpg --decrypt passwords.gpg Enter passphrase: Password1 127 3s/Pa..w0rd1/Pbuttwrd1 Password: Pbuttwrd1 $a https://twitter.com/ Username: ed1conf Password: EyeDonutThinkSew . w !gpg --symmetric --output passwords.gpg - Enter passphrase: NewPassword2 Repeat passphrase: NewPassword2 File `passwords.gpg` exists. Overwrite? (y/N) y 194
And there you have it: using
as a password manager.