Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/8go/pass-grave
An extension for pass (the standard Unix password manager) to easily hide the metadata of the password store
https://github.com/8go/pass-grave
extension grave hide-metadata pass password-store passwordstore script tomb
Last synced: 4 days ago
JSON representation
An extension for pass (the standard Unix password manager) to easily hide the metadata of the password store
- Host: GitHub
- URL: https://github.com/8go/pass-grave
- Owner: 8go
- License: gpl-3.0
- Created: 2019-04-10T14:44:19.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-09-11T10:53:56.000Z (over 3 years ago)
- Last Synced: 2024-11-10T00:33:11.655Z (about 1 month ago)
- Topics: extension, grave, hide-metadata, pass, password-store, passwordstore, script, tomb
- Language: Shell
- Size: 24.4 KB
- Stars: 15
- Watchers: 4
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-password-store - pass-grave - data by placing the whole tree of passwords inside an encrypted grave (like pass-tomb but simpler and more lightweight). (Extensions / All other extensions)
README
# pass-grave
An extension for [pass](https://www.passwordstore.org/) (the standard Unix password manager) to easily hide the metadata of the password store## Motivation
Why a "grave"?
```
pass by default shows meta-data in the password store. Someone with access
to your computer might find ~/.password-store/email/google/[email protected]
and conclude you have an account with Google and the account name is
"[email protected]". The same for your banking information, etc.The idea for pass-grave comes from
pass-tomb: https://github.com/roddhjav/pass-tomb#readme
In order to hide this meta-data you can use pass-tomb to place the
password store into a tomb (https://www.dyne.org/software/tomb/).
The same you can do with this, pass-grave.A "grave" is similar to a tomb but a lot lighter and simpler.
With "pass grave close" you place the complete passwordstore
into the grave, and close the grave, reducing everything to a single
file without any meta-data.With "pass grave open" you open the grave, take all the information
out of the grave and restore the complete passwordstore to its former
state.So, typically the first operation of a pass session is to open the grave
and the very step is to close the grave.
```## Usage
```
Usage:
pass grave open
On the first run it creates a directory ".grave" in \$PASSWORD_STORE_DIR.
By default this is ~/.password-store/.grave".
If the grave directory with a grave exists it will open it and
restore the full password store. Once restored the grave will be removed.
The grave is represented with the file
~/.password-store/.grave/passwordstore.grave.tar.gz2.gpg.
The grave is encrypted with the pass GPG key and hence
the content of the grave and all its meta-data is protected and
hidden.
pass grave close
If the grave does not exist, "close" creates a copy of the complete password
store by creating a compressed tar-file with extension .tar.bz2 and
encrypts it with the pass GPG key.
Thereafter the password store is removed leaving only the grave file
and other files that hold no meta-data (e.g. extensions, backups, gpg-id).
pass grave help
Prints this help message.
pass grave version
Prints the version number.
```## Examples
### Example 1: Opening the grave
```
$ pass grave open
```
This opens the grave at the beginning of a session,
extracts and restores the password store from the grave file
and then removes the grave file.### Example 2: Closing the grave
```
$ pass grave close
```
This creates the grave, places the complete password store into it
and then removes the password store with its meta-data
(except some files holding no meta-data). All meta-data
is hiden now.
The grave file is a single compressed and GPG encrypted file.
The grave can be found at ```$PASSWORD_STORE_DIR/.grave```
e.g. ```~/.password-store/.grave/passwordstore.grave.tar.gz2.gpg```.
## InstallationFor installation download and place this bash script file ```grave.bash``` into
the passwordstore extension directory specified with ```$PASSWORD_STORE_EXTENSIONS_DIR```.
By default this is ```~/.password-store/.extensions```.
```
$ cp grave.bash ~/.password-store/.extensions
```
Give the file execution permissions:
```
$ chmod 700 ~/.password-store/.extensions/grave.bash
```
Set the variable ```PASSWORD_STORE_ENABLE_EXTENSIONS``` to true to enable extensions.
```
$ export PASSWORD_STORE_ENABLE_EXTENSIONS=true
```
Download and source the bash completion file ```pass-grave.bash.completion``` for bash completion.
```
$ source ~/.password-store/.bash-completions/pass-grave.bash.completion
```
Type ```pass grave close``` to create your first grave.
```
$ pass grave close
```PS: The `Makefile` provided by @celenium can help you in the installation. Type `make install`.
## Idea came from
- `pass-tomb` from [https://github.com/roddhjav/pass-tomb#readme](https://github.com/roddhjav/pass-tomb#readme)
- `tomb` from [https://www.dyne.org/software/tomb/](https://www.dyne.org/software/tomb/)## Requirements
- `pass` from [https://www.passwordstore.org/](https://www.passwordstore.org/)
- `tar` to be installed for zipping and compression.## Notes
Both files are tiny: 200 lines (script) and 23 lines (autocompletion) respectively. You can check them yourself quickly. No need to trust anyone.
## Contributions
- Contributions and PRs are welcome. :heart:
- A big shoutout to the contributors so far: @celenium, @Inesgor, and @moppman. :clap: