https://github.com/othedev/pwdm
Rudimentary command-line tool and Rust library for managing passwords
https://github.com/othedev/pwdm
aes-gcm argon2 command-line password-manager rust
Last synced: 3 months ago
JSON representation
Rudimentary command-line tool and Rust library for managing passwords
- Host: GitHub
- URL: https://github.com/othedev/pwdm
- Owner: OTheDev
- License: apache-2.0
- Created: 2024-04-20T21:06:33.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-05-14T16:00:57.000Z (about 1 year ago)
- Last Synced: 2025-02-15T17:09:40.636Z (3 months ago)
- Topics: aes-gcm, argon2, command-line, password-manager, rust
- Language: Rust
- Homepage: https://crates.io/crates/pwdm
- Size: 90.8 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[
](https://github.com/OTheDev/pwdm)
[](https://github.com/OTheDev/pwdm/actions/workflows/test.yml)
[](https://github.com/OTheDev/pwdm/actions/workflows/static.yml)
# pwdm - Password Manager
Rudimentary command-line tool and Rust library for managing passwords.
## Password Database
Passwords are encrypted and stored in a SQLite database where each password is
uniquely identified by a **service** name and an optional **username**.
## Security
Each password is encrypted using AES-256-GCM before it is stored in the database.
`pwdm` uses the user-provided **master password** (with a randomly-generated
salt) as an input to the [Argon2](https://en.wikipedia.org/wiki/Argon2) key
derivation function (Argon2id) to derive the encryption key. There exists one
master password associated with a database file. When the master password is
first provided, Argon2 is also used (with another randomly-generated salt) to
hash the password to a PHC string appropriate for password-based authentication.
The hash is stored in the database to authenticate the master password in
subsequent invocations.
The master password should be *strong*. Consequently, as a precaution, this
password manager uses [Dropbox's `zxcvbn`](https://github.com/dropbox/zxcvbn)
password strength estimator whenever the master password is set or updated, and
enforces that `zxcvbn`'s estimate (an integer in `[0, 4]`) for the given
password is the maximum possible score of 4, which is documented to indicate
"strong protection from offline slow-hash scenario(s)". [Try `zxcvbn`
interactively](https://lowe.github.io/tryzxcvbn/).
## Command-line
```console
$ pwdm --help
Command-line password manager.
Usage: pwdm [OPTIONS]
Options:
-p, --path Path to the database file
-h, --help Print help
-V, --version Print version
```
By default, the `pwdm` CLI stores the password database file at
`~/.pwdm/passwords.db`. To specify a custom path, use the `-p` or `--path`
option or set the `PWDM_PATH` environment variable.
On the command-line, after entering the master password, the following
interactive commands can be used:
- `Add`: Add a new password.
- `Get`: Retrieve a password.
- `Delete`: Remove a password entry.
- `Update`: Update an existing password.
- `List`: List all password IDs.
- `Update Master Password`: Update the master password.
- `Exit`: Exit the program.
In `Add` or `Update`, either input a password manually or choose to
automatically generate a secure one.
### Installation
```shell
cargo install pwdm
```
## License
`pwdm` is licensed under Apache-2.0.