{"id":45999155,"url":"https://github.com/pepuscz/passwd","last_synced_at":"2026-03-12T18:53:22.721Z","repository":{"id":341001038,"uuid":"1168456360","full_name":"pepuscz/passwd","owner":"pepuscz","description":"MCP server + CLI for passwd.team password manager — give your AI assistant access to passwords, TOTP codes, secrets, and sharing","archived":false,"fork":false,"pushed_at":"2026-03-03T10:45:10.000Z","size":173,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-05T05:29:56.818Z","etag":null,"topics":["ai-tools","claude","cli","mcp","mcp-server","model-context-protocol","passwd-team","password-manager","totp","typescript"],"latest_commit_sha":null,"homepage":"https://passwd.team","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pepuscz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-27T12:12:14.000Z","updated_at":"2026-03-03T10:45:18.000Z","dependencies_parsed_at":"2026-03-03T00:00:47.050Z","dependency_job_id":null,"html_url":"https://github.com/pepuscz/passwd","commit_stats":null,"previous_names":["pepuscz/passwd-mcp","pepuscz/passwd"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/pepuscz/passwd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepuscz%2Fpasswd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepuscz%2Fpasswd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepuscz%2Fpasswd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepuscz%2Fpasswd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pepuscz","download_url":"https://codeload.github.com/pepuscz/passwd/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pepuscz%2Fpasswd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30160020,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T22:39:40.138Z","status":"online","status_checked_at":"2026-03-06T02:00:08.268Z","response_time":250,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-tools","claude","cli","mcp","mcp-server","model-context-protocol","passwd-team","password-manager","totp","typescript"],"created_at":"2026-02-28T22:03:11.994Z","updated_at":"2026-03-06T03:00:54.281Z","avatar_url":"https://github.com/pepuscz.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# passwd\n\nMCP server + CLI for [passwd.team](https://passwd.team) password manager.\n\nGives your AI assistant full access to your team's passwords, TOTP codes, secure notes, and file attachments — create, read, update, delete, and share secrets through natural language.\n\n## What it can do\n\n- **Search \u0026 retrieve** passwords, API keys, SSH keys, payment cards, secure notes\n- **Create \u0026 update** secrets with all field types\n- **Generate TOTP codes** on demand\n- **Share secrets** with groups or individual users, with granular permissions (read, write, autofillOnly, passkeyOnly)\n- **Attach files** to secrets (certificates, configs, etc.)\n- **List groups \u0026 contacts** in your workspace for easy sharing\n\n## Install\n\nNo build step needed — `npx` downloads and runs the package automatically. Packages are hosted on [GitHub Packages](https://github.com/pepuscz/passwd/packages), which requires authentication even for installs.\n\n**One-time setup:** create a GitHub [personal access token](https://github.com/settings/tokens) with `read:packages` scope, then add to `~/.npmrc`:\n\n```\n//npm.pkg.github.com/:_authToken=ghp_YOUR_TOKEN_HERE\n@pepuscz:registry=https://npm.pkg.github.com\n```\n\n## Setup\n\nIn all examples below, replace `https://your-company.passwd.team` with your passwd.team deployment URL.\n\n| Client | Method | Section |\n|---|---|---|\n| Claude Code | MCP server | [Claude Code](#claude-code) |\n| Claude Desktop / Cowork | MCP server | [Claude Desktop / Cowork](#claude-desktop--cowork) |\n| Cursor / Windsurf | MCP server | [Cursor / Windsurf](#cursor--windsurf) |\n| OpenClaw | CLI workspace skill | [OpenClaw](#openclaw) |\n| Terminal / scripts / CI | CLI directly | [CLI](#cli) |\n\n### Claude Code\n\n```bash\nclaude mcp add passwd-mcp \\\n  -e PASSWD_ORIGIN=https://your-company.passwd.team \\\n  -- npx -y @pepuscz/passwd-mcp@1.0.5\n```\n\nRestart Claude Code and verify with `/mcp`.\n\n### Claude Desktop / Cowork\n\nOpen **Settings → Developer → Edit Config** (`~/Library/Application Support/Claude/claude_desktop_config.json`):\n\n```json\n{\n  \"mcpServers\": {\n    \"passwd-mcp\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"@pepuscz/passwd-mcp@1.0.5\"],\n      \"env\": {\n        \"PASSWD_ORIGIN\": \"https://your-company.passwd.team\"\n      }\n    }\n  }\n}\n```\n\nRestart Claude Desktop.\n\n### Cursor / Windsurf\n\nAdd to your project's `.cursor/mcp.json` or `.windsurf/mcp.json`:\n\n```json\n{\n  \"mcpServers\": {\n    \"passwd-mcp\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"@pepuscz/passwd-mcp@1.0.5\"],\n      \"env\": {\n        \"PASSWD_ORIGIN\": \"https://your-company.passwd.team\"\n      }\n    }\n  }\n}\n```\n\n### OpenClaw\n\nIntegrates as a [workspace skill](https://docs.openclaw.ai/tools/skills) using passwd-cli via `exec`. No plugins required.\n\n**1. Set your deployment URL** in `~/.openclaw/.env`:\n\n```\nPASSWD_ORIGIN=https://your-company.passwd.team\n```\n\n**2. Authenticate** (one-time — tokens cached at `~/.passwd/tokens.json`):\n\n```bash\nnpx -y @pepuscz/passwd-cli@1.0.5 login\n```\n\n**3. Create the skill** at `~/.openclaw/workspace/skills/passwd/SKILL.md`:\n\n````markdown\n---\nname: passwd\ndescription: \"Team password manager (passwd.team). Search, create, update, delete, and share passwords, API keys, SSH keys, payment cards, TOTP codes, and secure notes.\"\nmetadata:\n  {\n    \"openclaw\":\n      {\n        \"emoji\": \"🔑\",\n        \"requires\": { \"env\": [\"PASSWD_ORIGIN\"], \"bins\": [\"npx\"] },\n      },\n  }\n---\n\n# passwd\n\nManage team secrets via exec. Always use `--json` for structured output.\n\nCMD: `npx -y @pepuscz/passwd-cli@1.0.5`\n\n## Commands\n\nSearch:    CMD list -q \"search term\" --json\nGet:       CMD get SECRET_ID --json\nPassword:  CMD get SECRET_ID --field password\nTOTP code: CMD totp SECRET_ID\nCreate:    CMD create -t TYPE -n \"Name\" [-u user] [-p pass] [-w url] [--note text] [--tags t1 t2]\nUpdate:    CMD update SECRET_ID [-n name] [-p pass] [--note text] ...\nDelete:    CMD delete SECRET_ID -y\nShare:     CMD share SECRET_ID --json\nUnshare:   CMD share SECRET_ID --revoke\nGroups:    CMD groups --json\nContacts:  CMD contacts --json\nWhoami:    CMD whoami --json\n\nTypes: password, apiCredentials, databaseCredentials, sshKey, paymentCard, secureNote\n\n## Sharing\n\nTo share a secret with a group or user, first look up the ID:\n1. CMD groups --json  OR  CMD contacts --json\n2. CMD create ... --group GROUP_ID:read,write  OR  --user USER_ID:read\nPermissions: read, write, autofillOnly, passkeyOnly\n\n## Run with injected secrets\n\nFirst find the secret ID with `CMD list`, then inject its field as an env var:\nCMD exec --inject DB_PASS=SECRET_ID:password -- psql -h host -U user\n\n## Rules\n\n- ALWAYS confirm with user before deleting secrets\n- Use --json for all lookups so you get structured data\n- Run CMD create --help or CMD update --help for all options\n\n## Display\n\n- Never use tables or code blocks\n- Bold label, backtick value: **Username:** `value`\n- End credential output with 🔐\n- One field per line, skip empty fields\n- Lists: name and type only\n- TOTP: code and remaining seconds only\n````\n\n**4. Restart the gateway** so the skill is discovered on the next session.\n\n### CLI\n\n```bash\nexport PASSWD_ORIGIN=https://your-company.passwd.team\nnpx @pepuscz/passwd-cli@1.0.5 login\nnpx @pepuscz/passwd-cli@1.0.5 list\nnpx @pepuscz/passwd-cli@1.0.5 --help\n```\n\n### Building from source\n\n```bash\ngit clone https://github.com/pepuscz/passwd.git\ncd passwd\nnpm install \u0026\u0026 npm run build\n```\n\nThen use `node packages/passwd-mcp/dist/index.js` or `node packages/passwd-cli/dist/index.js` in place of `npx` commands above.\n\n## Upgrading\n\nCheck [releases](https://github.com/pepuscz/passwd/releases) for new versions, then update the version number in your config — MCP config, OpenClaw SKILL.md, or CLI alias — and restart the client.\n\n## Authentication\n\nGoogle OAuth2. On first use, the `passwd_login` tool (MCP) or `passwd login` (CLI) will guide you through authentication. Tokens are cached at `~/.passwd/tokens.json` and auto-refresh.\n\nSet `PASSWD_ACCESS_TOKEN` env var to skip OAuth entirely.\n\n## MCP tools reference\n\n| Tool | Description |\n|---|---|\n| `passwd_login` | Google OAuth login flow |\n| `list_secrets` | Search/list secrets (filter by query, type; paginate) |\n| `get_secret` | Get full secret details including password |\n| `create_secret` | Create a secret (all types, with sharing, files, visibleToAll) |\n| `update_secret` | Update a secret |\n| `delete_secret` | Delete a secret |\n| `get_totp_code` | Get current TOTP code for a secret |\n| `share_secret` | Enable or revoke a share link |\n| `get_current_user` | Get authenticated user profile |\n| `list_groups` | List workspace groups (IDs for sharing) |\n| `list_contacts` | List workspace contacts (IDs for sharing) |\n\n## CLI commands reference\n\n| Command | Description |\n|---|---|\n| `passwd login` | Authenticate with Google OAuth |\n| `passwd whoami` | Show current user |\n| `passwd list` | List/search secrets (`-q`, `-t`, `--json`) |\n| `passwd get \u003cid\u003e` | Get a secret (`--field` for raw value) |\n| `passwd create` | Create a secret (`-t`, `-n`, `--group`, `--user`, `--file`, `--visible-to-all`) |\n| `passwd update \u003cid\u003e` | Update a secret (`--group`, `--user`, `--file`, `--remove-file`, `--visible-to-all`) |\n| `passwd delete \u003cid\u003e` | Delete a secret (`-y` to skip confirmation) |\n| `passwd totp \u003cid\u003e` | Get current TOTP code |\n| `passwd share \u003cid\u003e` | Enable/revoke sharing (`--revoke`) |\n| `passwd groups` | List workspace groups |\n| `passwd contacts` | List workspace contacts |\n| `passwd exec` | Run command with secrets as env vars (`--inject VAR=ID:FIELD`) |\n\n## Configuration\n\n| Variable | Required | Description |\n|---|---|---|\n| `PASSWD_ORIGIN` | **Yes** | Your passwd.team URL (e.g. `https://your-company.passwd.team`) |\n| `PASSWD_ACCESS_TOKEN` | No | Skip OAuth — use a pre-existing Bearer token |\n| `PASSWD_API_URL` | No | API base URL override |\n| `PASSWD_CLIENT_ID` | No | Google OAuth client ID override (auto-discovered from deployment) |\n\n## Project structure\n\n```\npackages/\n  passwd-lib/   Core library (types, auth, API — zero dependencies)\n  passwd-mcp/   MCP server (depends on passwd-lib)\n  passwd-cli/   CLI (depends on passwd-lib)\n```\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepuscz%2Fpasswd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpepuscz%2Fpasswd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpepuscz%2Fpasswd/lists"}