Years ago, I have read a blog post about managing your passwords using ed and gpg, unfortunately, I can not remember the author. Two years ago, I decided to give it a try because the few tools I tried were too obscure, required databases, were too complicated to use.
The principle is easy: - run /bin/ed (without rlwrap) - use r !gpg2 to load protected file - use W !gpg2 to save file
Why ed? Because it does not save any temporary file.
I use two different methods, depending I want to get a password or if I want to add/change a password.
Writing / changing
/bin/ed a # something my login / my password some annotation if required . W !gpg2 -r solene@mydomain -e > .password Q
Now I have a .password file requiring my private gpg key to be decrypted.
As I could use ed but I don’t want to type anything, I decrypt the file and pipe it to less.
gpg2 -d < .password | less
Tips: easy reminder
As I sometimes forget about the gpg commands and my command to generate new passwords, I have put those 3 lines as a reminder at the top of the file.
W !gpg2 -r solene@domain -e > .password r !gpg2 -d < .password pwgen -cnys 20
Tips: works for everything
You can have multiples files like .password-personal .password-work or you can use it for anything you want.
Tips: scripting ed
While it is possible to send some init commands to ed it has some limitations.
You can use
( echo "r !gpg2 -d < .password" ; cat - ) | /bin/ed so ed
will receive the read command and then cat will wait for your inputs to send it
to ed, it works, but if you type a newline in ed without any command, cat
will end and so ed will exits. It works but it is a bit clumsy.