Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/8go/pass-grave

An extension for pass (the standard Unix password manager) to easily hide the metadata of the password store
https://github.com/8go/pass-grave

extension grave hide-metadata pass password-store passwordstore script tomb

Last synced: 4 days ago
JSON representation

An extension for pass (the standard Unix password manager) to easily hide the metadata of the password store

Awesome Lists containing this project

README

        

# pass-grave
An extension for [pass](https://www.passwordstore.org/) (the standard Unix password manager) to easily hide the metadata of the password store

## Motivation

Why a "grave"?
```
pass by default shows meta-data in the password store. Someone with access
to your computer might find ~/.password-store/email/google/[email protected]
and conclude you have an account with Google and the account name is
"[email protected]". The same for your banking information, etc.

The idea for pass-grave comes from
pass-tomb: https://github.com/roddhjav/pass-tomb#readme
In order to hide this meta-data you can use pass-tomb to place the
password store into a tomb (https://www.dyne.org/software/tomb/).
The same you can do with this, pass-grave.

A "grave" is similar to a tomb but a lot lighter and simpler.
With "pass grave close" you place the complete passwordstore
into the grave, and close the grave, reducing everything to a single
file without any meta-data.

With "pass grave open" you open the grave, take all the information
out of the grave and restore the complete passwordstore to its former
state.

So, typically the first operation of a pass session is to open the grave
and the very step is to close the grave.
```

## Usage

```
Usage:
pass grave open
On the first run it creates a directory ".grave" in \$PASSWORD_STORE_DIR.
By default this is ~/.password-store/.grave".
If the grave directory with a grave exists it will open it and
restore the full password store. Once restored the grave will be removed.
The grave is represented with the file
~/.password-store/.grave/passwordstore.grave.tar.gz2.gpg.
The grave is encrypted with the pass GPG key and hence
the content of the grave and all its meta-data is protected and
hidden.
pass grave close
If the grave does not exist, "close" creates a copy of the complete password
store by creating a compressed tar-file with extension .tar.bz2 and
encrypts it with the pass GPG key.
Thereafter the password store is removed leaving only the grave file
and other files that hold no meta-data (e.g. extensions, backups, gpg-id).
pass grave help
Prints this help message.
pass grave version
Prints the version number.
```

## Examples

### Example 1: Opening the grave
```
$ pass grave open
```
This opens the grave at the beginning of a session,
extracts and restores the password store from the grave file
and then removes the grave file.

### Example 2: Closing the grave
```
$ pass grave close
```
This creates the grave, places the complete password store into it
and then removes the password store with its meta-data
(except some files holding no meta-data). All meta-data
is hiden now.
The grave file is a single compressed and GPG encrypted file.
The grave can be found at ```$PASSWORD_STORE_DIR/.grave```
e.g. ```~/.password-store/.grave/passwordstore.grave.tar.gz2.gpg```.

## Installation

For installation download and place this bash script file ```grave.bash``` into
the passwordstore extension directory specified with ```$PASSWORD_STORE_EXTENSIONS_DIR```.
By default this is ```~/.password-store/.extensions```.
```
$ cp grave.bash ~/.password-store/.extensions
```
Give the file execution permissions:
```
$ chmod 700 ~/.password-store/.extensions/grave.bash
```
Set the variable ```PASSWORD_STORE_ENABLE_EXTENSIONS``` to true to enable extensions.
```
$ export PASSWORD_STORE_ENABLE_EXTENSIONS=true
```
Download and source the bash completion file ```pass-grave.bash.completion``` for bash completion.
```
$ source ~/.password-store/.bash-completions/pass-grave.bash.completion
```
Type ```pass grave close``` to create your first grave.
```
$ pass grave close
```

PS: The `Makefile` provided by @celenium can help you in the installation. Type `make install`.

## Idea came from

- `pass-tomb` from [https://github.com/roddhjav/pass-tomb#readme](https://github.com/roddhjav/pass-tomb#readme)
- `tomb` from [https://www.dyne.org/software/tomb/](https://www.dyne.org/software/tomb/)

## Requirements

- `pass` from [https://www.passwordstore.org/](https://www.passwordstore.org/)
- `tar` to be installed for zipping and compression.

## Notes

Both files are tiny: 200 lines (script) and 23 lines (autocompletion) respectively. You can check them yourself quickly. No need to trust anyone.

## Contributions

- Contributions and PRs are welcome. :heart:
- A big shoutout to the contributors so far: @celenium, @Inesgor, and @moppman. :clap: