This tool aims to provide a secure password/credential storage mechanism for Linux users. It uses industry-standard encryption provided by the GNU Privacy Guard (GnuPG). There are two versions of the script included in the repository:
password_manager.sh - requires the bash-tools library.
password_manager_standalone.sh - has no external dependencies other than GnuPG.
This project was developed independently before I became aware of pass, a similar Unix password manager using GPG. After discovering pass, I chose to continue development because my implementation and workflow differ in several ways. Users interested in the original project can find the source code here.
There is no installer for this script. If you are not using the standalone version, as mentioned above, bash-tools is required and you will need to adjust the path to match the location of the library. The script also requires both GnuPG and getopt.
This tool assumes the existence of a valid GPG ID and will not assist in the creation of a new key.
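Because the tool takes the GPG ID as given, it is worth confirming before running init that the ID resolves to exactly one key that can still encrypt. The following is an added example, not part of password_manager.sh; the function names and the sample records are constructed for illustration, and it relies only on GnuPG's documented --with-colons listing format.

```sh
# Constructed sample records in `gpg --with-colons --list-keys` format.
SAMPLE_OK='pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:'
SAMPLE_EXPIRED='pub:e:4096:1:BBBBBBBBBBBBBBBB:1500000000:1600000000::u:::sc:'
# Primary key valid, but no usable encryption subkey (no uppercase E).
SAMPLE_NOENC='pub:u:4096:1:CCCCCCCCCCCCCCCC:1600000000:::u:::scSC:'

# Read colon-format key listing on stdin and print one of:
#   ok | unusable | no-encrypt | ambiguous | not-found
classify_key() {
    awk -F: '
        $1 == "pub" {
            n++
            if (n > 1) next
            # Field 2 is validity: e=expired r=revoked i=invalid d=disabled n=not valid.
            # Field 12 is capabilities: uppercase letters describe the key as a
            # whole, and D marks a disabled key.
            if ($2 ~ /^[eridn]$/ || $12 ~ /D/) res = "unusable"
            else if ($12 !~ /E/)               res = "no-encrypt"
            else                               res = "ok"
        }
        END {
            if (n == 0)     print "not-found"
            else if (n > 1) print "ambiguous"   # ID matched several keys
            else            print res
        }
    '
}

# Look up the ID in the local keyring and refuse anything but a single usable key.
check_gpg_id() {
    status=$(gpg --batch --with-colons --list-keys -- "$1" 2>/dev/null | classify_key)
    [ "$status" = "ok" ] && return 0
    echo "GPG ID '$1' rejected: $status" >&2
    return 1
}
```

Call check_gpg_id with the same ID you intend to pass to init; a "no-encrypt" result typically means the encryption subkey has expired even though the primary key is still valid.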
This tool will create its own directory (.pm-keychain) under the user's home directory; this is the root keychain. Typically, no password files will be stored directly under this directory. When using the init command, if no --path is specified, a default keychain directory will be created at ~/.pm-keychain/default/. All password files are stored there unless a specific keychain directory is given.
Below is an example workflow, initialising a new default keychain, adding a new password file to it and also creating a custom keychain directory and assigning a password file there as well:
./password_manager.sh init ABCDEFG1234567 - initialise a new keychain with GPG-ID 'ABCDEFG1234567', creates '~/.pm-keychain/default/'
./password_manager.sh add a-password-file - add 'a-password-file' to the default keychain, it will be encrypted with the GPG-ID that was used to create the keychain
./password_manager.sh init --path=web ABCDEFG1234567 - initialise a new keychain with GPG-ID 'ABCDEFG1234567', creates '~/.pm-keychain/web/'
./password_manager.sh add web/some-password-file - add 'some-password-file' to 'web'
add [-p,--print] [-g,--generate] [-f,--force] password-name - add a new password
del [-r,--recursive] [-f,--force] password-name|keychain-name - delete a password file or entire keychain directory
edit password-name - edit a password file in a text editor (editor can be set to nano for example by passing EDITOR=nano like EDITOR=nano ./password_manager.sh edit password-name)
gen [-l,--length=[num]] [-n,--no-symbols] [-p,--plain] - generate a random password with options and display it
init [-p,--path=[dir]] gpg-id - initialise a new keychain with given gpg-id
list keychain-name - list all password files or password-files inside given keychain
show [-p,--plain] password-name - show the contents of the given password-name
help - show detailed help text
version - show version number
This project was developed independently, but users familiar with the Unix password manager ecosystem may notice conceptual similarities to pass, which also uses GPG and shell tooling to manage encrypted password stores.
pass helped popularise the “Unix password manager” approach and is worth exploring for users interested in similar tools. That implementation has many more advanced features like git integration and web browser plugins.