https://github.com/evgeni/pwstore

fork of https://code.google.com/p/pwstore

PWS(1)
======
:doctype: manpage

NAME
----
pws - password store management

SYNOPSIS
--------
*pws* 'COMMAND' ['OPTIONS']

DESCRIPTION
-----------

The pws tool allows you to store passwords (or anything else, really) in
a set of encrypted files. Each file can be encrypted to a different set
of users. pws helps you with the bookkeeping of which keys to encrypt
each file to and provides a convenient wrapper to edit protected files.

In the intended use the directory with the encrypted passwords would be
under SCM control and shared with other people who need access.

initialization
--------------

First you need a file in which your users and groups are defined. This
file is named .users. Lines consist of assignments of the form

  <username> = <key fingerprint>

and

  @<groupname> = <username>|@<groupname> [, <username>|@<groupname> ...]

Lines starting with a # are comments and thus get ignored.

--------------------------------
% cat .users
# This file needs to be gpg signed by a key whose fingerprint
# is listed in ~/.pws.yaml

formorer = 6E3966C1E1D15DB973D05B491E45F8CA9DE23B16
weasel = 25FC1614B8F87B52FF2F99B962AF4031C82E0039
@admins = formorer, weasel

zobel = 6B1856428E41EC893D5DBDBB53B1AC6DB11B627B
maxx = 30DC1D281D7932F55E673ABB28EEB35A3E8DCCC0
@vienna = zobel, maxx

@all = @admins, @vienna

# gpg --clearsign .users && mv .users.asc .users
--------------------------------

The .users file is designed to live in an SCM repository, such as git,
alongside all the other encrypted files. To prevent unauthorized
tampering with the .users file, for example to trick somebody into
re-encrypting data to the wrong key, the .users file needs to be
PGP-clearsigned with a key from a whitelist.

This whitelist lives in ~/.pws.yaml under the trusted_users key and
then under the directory name. A sample file looks like:

---------------------------------
aliases:
  debian:
    - &tfheen A28411A596193171331802C0B65A4871CA19D717
    - &weasel 25FC1614B8F87B52FF2F99B962AF4031C82E0039

trusted_users:
  "~/.pws":
    - *tfheen
  "~/debian/dsa-passwords":
    - *tfheen
    - *weasel

adding a new file
-----------------

-----------------------------
% pws ed -n file
-----------------------------

editing files
-------------

Every file needs a header like:

------------------------------
access: @admins, maxx
------------------------------

You can edit the encrypted file with the pws tool: +pws ed file+.
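
How the .users assignments and an access: header fit together, as an added Ruby example that is not taken from pws itself: it parses the body of the sample .users file and expands an access list into the key fingerprints a file would be encrypted to. The method names are hypothetical, and the example assumes the clearsign signature has already been verified with GnuPG.

```ruby
# Added example, not pws's own code. Assumes the .users signature was already
# verified with GnuPG and that only the signed body is passed in.
require 'set'

# Design choice of this example: accept only full 40-hex-digit fingerprints.
FINGERPRINT = /\A[0-9A-Fa-f]{40}\z/

# Parse .users text into [users, groups]: name => fingerprint, @group => members.
def parse_users(text)
  users, groups = {}, {}
  text.each_line.with_index(1) do |line, no|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    name, value = line.split('=', 2).map(&:strip)
    raise ArgumentError, "line #{no}: not an assignment" if value.nil? || name.empty?
    if name.start_with?('@')
      groups[name] = value.split(',').map(&:strip).reject(&:empty?)
    else
      raise ArgumentError, "line #{no}: bad fingerprint for #{name}" unless value =~ FINGERPRINT
      users[name] = value
    end
  end
  [users, groups]
end

# Expand an access list such as "@admins, maxx" into sorted, unique fingerprints.
# `seen` holds the groups on the current expansion path, so a cycle is rejected.
def resolve_access(access, users, groups, seen = Set.new)
  access.split(',').map(&:strip).reject(&:empty?).flat_map do |member|
    if member.start_with?('@')
      raise ArgumentError, "unknown group #{member}" unless groups.key?(member)
      raise ArgumentError, "group cycle at #{member}" if seen.include?(member)
      resolve_access(groups[member].join(','), users, groups, seen + [member])
    else
      users.fetch(member) { raise ArgumentError, "unknown user #{member}" }
    end
  end.uniq.sort
end

# Body of the sample .users file shown on this page.
SAMPLE_USERS = <<~EOF
  formorer = 6E3966C1E1D15DB973D05B491E45F8CA9DE23B16
  weasel = 25FC1614B8F87B52FF2F99B962AF4031C82E0039
  @admins = formorer, weasel
  zobel = 6B1856428E41EC893D5DBDBB53B1AC6DB11B627B
  maxx = 30DC1D281D7932F55E673ABB28EEB35A3E8DCCC0
  @vienna = zobel, maxx
  @all = @admins, @vienna
EOF
puts resolve_access('@admins, maxx', *parse_users(SAMPLE_USERS))
```

Rejecting unknown names and group cycles before encryption means a typo in an access: header fails loudly instead of silently dropping a recipient.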

updating the keyring
--------------------

If a keyring is available as .keyring, pws instructs GnuPG to use it in
addition to the user's default keyrings. This allows sharing of the
keyring in the repository. Use +pws update-keyring+ to
update/initialize this keyring.

AUTHOR
------
Peter Palfrader, Tollef Fog Heen