The ultimate password manager
I hate passwords. Thoroughly. I always forget them, so I tried several password managers but I don’t really like any of them. Revelation is the nicest so far, but it misses some flexibility. Ideally, a password manager would be just an editor that saves files encrypted, so I tried mped which seems to be able to do that. Not liking it, I hate using yet another editor. Wait… yet another editor…?
At that point I slapped myself in the head for overlooking the obvious solution for the ultimate password manager: vim. It is my editor of choice and can be scripted. 2 lines in ~/.vimrc and it’s the ultimate password editor, allowing you to encrypt everything with gpg easily. Only two passwords left to remember: user account and gpg key. Profit.
map <F12> <Esc>:%!gpg --encrypt --armor --recipient dennis@kaarsemaker.net<CR><CR><C-l> map <S-F12> <Esc>:%!gpg --decrypt 2>/dev/null<CR><CR><C-l>
F12 now encrypts and Shifs+F12 decrypts. Yay!
Update: it can be done even nicer
Wonderful idea!
adding this to your .vimrc makes it even nicer:
” Transparent editing of gpg encrypted files.
” By Wouter Hanegraaff
augroup encrypted
au!
” First make sure nothing is written to ~/.viminfo while editing
” an encrypted file.
autocmd BufReadPre,FileReadPre *.gpg set viminfo=
” We don’t want a swap file, as it writes unencrypted data to disk
autocmd BufReadPre,FileReadPre *.gpg set noswapfile
” Switch to binary mode to read the encrypted file
autocmd BufReadPre,FileReadPre *.gpg set bin
autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost *.gpg ‘[,’]!gpg –decrypt 2> /dev/null
” Switch to normal mode for editing
autocmd BufReadPost,FileReadPost *.gpg set nobin
autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost *.gpg execute “:doautocmd BufReadPost ” . expand(”%:r”)
” Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre *.gpg ‘[,’]!gpg –default-recipient-self -ae 2>/dev/null
” Undo the encryption so we are back in the normal text, directly
” after the file has been written.
autocmd BufWritePost,FileWritePost *.gpg u
augroup END
it makes vim automatically handle .gpg files, with proper encrypting and decrypting, setting proper (safe) environment and so on :)
Nice one! I knew this was possible but my vimscripting skills are not nearly at a reasonable level :)
There’s a vim plugin called “gnupg” which will do this automagically for you. It’s a great plugin, and I use it myself for my password files. Works great!
I keep my passwords in a plain text, colon-delimited file. One line per password. Then it is really simple to use grep or awk to pull out the password you’re looking for.
I should encrypt them but never have. If they were encrypted, it would be easy to use GnuPG and sed to add to the contents of the file (i.e. add another password) without even opening a text editor.
I’ve never seen the point of a “password manager” on a Unix system though, with stuff like awk, grep, GnuPG, and vim already available.
It can be done even better, vim has built-in encryption support:
Open a new file with “vim -x sectet.txt” and you will be asked for a password twice, the file will be automatically encrypted on disk.
Open the file with vim normally, the password gets asked and the file is shown unencrypted.
Vim rules!!!11elf
Your vim-based solution and other console-based password managers have a major flaw—the password must be displayed on the screen for you to copy it. This is inconvenient if you need to pull up a password while others are watching.
Many (well-written) GUI-based password managers don’t have this problem, as they can copy to the clipboard directly.
How can I get Vim (or Cream) to encrypt/decrypt just the selected text? I am doing this now with the plugin for gedit. The encrypted result is like shown below. I can decrypt just by selecting the text and picking decrypt from the edit menu. This is what I would like to do in Vim/Cream. Any suggestions for me? Thanks.
This is a test of gpg with gedit. This is my document. It includes a few lines that are encrypted.
—–BEGIN PGP MESSAGE—–
Version: GnuPG v1.4.6 (GNU/Linux)
hQIOA70D9kgXrV4FEAf/Uy9wLsazJ6mi+Ncmi11SwmyzNhoSpfbKnaVFGwzLGvmp
x/X0dkXzmsnT0rnAoTJAKf5NLsxDtTH6hxNG9NjQ77nmKmftZQLz5kQvkN4zDDLN
RFUhH+Rb4VqZr6CT5+XQcAWQtysMTu0CRh+91auwSBudhu0uY0YOetvvnI+WOqO1
0ygJ1/Pkr4zxX3RnmqRa23vWedfdB4ePHgvk4pjX5QveNB2/IhEH1gKFTAhjlxQc
pNJWAT8DJBKMcgHDxpro2ndEg6YshF0oORpcC4o3Ln+b+rsPQGnzSlb+6buLp85Z
pc+BFYkJcuT3wJ3alhKiHjkxIUAtw3O5YtgxktPMyf3jxadSS/39hxM=
=MZGO
—–END PGP MESSAGE—–
I would much rather use Vim (or Cream) than one of the GUI-based password managers. I looked at all of them and none fit all my needs.
end of my text doc.