v1.3
Command line password manager.
You need python 3.9 to create executable and run vault password manager.
curl -L https://github.com/schwarzbox/Vault/archive/master.zip --output Vault.zip
unzip Vault.zip
rm Vault.zip
cd Vault-master
# create virtual environment to install shiv
python3 -m venv venv-shiv
. venv-shiv/bin/activate
pip3 install shiv
# create vault executable in the current dir
shiv -c vault -o vault --preamble preamble.py .
deactivate
# remove venv-shiv
rm -rf venv-shivYou can move vault to /usr/local/bin for Mac and Linux OS.
mv vault /usr/local/bincurl -L 'https://github.com/schwarzbox/Vault/archive/master.zip' --output Vault.zip
unzip Vault.zip
cd Vault-master
chmod 744 install.sh
# run in the same process
source ./install.shvault -h
vault --infovault --version# enter login and run sign-up process
vault [email protected] -up
# sign-in with login
vault [email protected] -in
# you can omit flag -in
vault [email protected]Note: User can use same login with new password to create different vault.
Use example below or use sample.json to test password manager.
{
"π email": {
"login": "[email protected]",
"password": "1234"
},
"βοΈ aws": {
"login": "[email protected]",
"password": "5678"
},
"π§° database": {
"django-local": "DATABASE_NAME=MYDB\nDATABASE_USER=postgres\nDATABASE_PASSWORD=''\nDATABASE_HOST=127.0.0.1\nDATABASE_PORT=5432\nDATABASE_CONN_MAX_AGE=600"
},
"π personal": {
"WIFI-HOME": "wifi-av"
}
}Load sample.json using command line or use TUI after sign-in.
vault [email protected] --load sample.jsonvault [email protected] --dumpvault [email protected] -rmIternally Vault use python package appdirs to determine where to save local encrypted database. For MacOS it is "~/Library/Application Support/VaultDB".
vault --findVault creates default database and --source flag set to None. You can provide remote or local source for current session.
Upload encrypted database in GitHub or anywere else.
Load database in github repo. It is safe if you upload encrypted data.
vault [email protected] --source 'https://raw.githubusercontent.com/MYGIT/MYREPO/main/vault_data'Load vault database in private github repo. You need to provide token. But this token expired and you need to generate new link.
vault [email protected] --source 'https://raw.githubusercontent.com/MYGIT/MYREPO/main/vault_data?token=TOKEN'You can create secret gist and load encrypted database.
vault [email protected] --source 'https://gist.githubusercontent.com/MYGIT/1234/raw/1234/vault_data'You can switch to remote source at runtime using TUI.
Add, update and clear data in the local vault
vault [email protected] -g aws loginvault [email protected] -g aws login | wc -cvault [email protected] -lvault [email protected] -a aws login [email protected]vault [email protected] -u awsYou can update group name only
vault [email protected] -u group myawsYou can update key name only
vault [email protected] -u myaws myaws login usernameYou should use 5 arguments to update value
vault [email protected] -u myaws myaws username username [email protected]vault [email protected] -c myaws usernamevault [email protected] -eVault use SHA256 algorithm. Database is a simple JSON file.
- When user sign-up app creates safe key using login and password.
- App combine login and password in one credential string.
- App uses safe key to encode credential string and get user token.
- User token uses as unique key for the user vault.
- All data in the user vault encrypted using safe key.
- When user sign-in app creates new safe key from provided login and password.
- App tries to decode each user token in database and compare with provided login and password.
- User successfully sign-in when provided login and password matches with decoded data from user token.
Vault never save your decrypted password. Still no way to restore it and decode ecrypted data without password.