Simple password management with Bash and GPG

A while ago I was looking for a password management solution that I could trust, so of course, being as paranoid as I am, I decided to write my own. Now I’ve decided to share what I came up with.

My system takes the form of two bash functions which inhabit my .bashrc file. First is a password generation function:

This generates a 12 character alphanumeric password using pwgen and appends it to my password file along with a user-supplied token (which is later used to retrieve the password). The password file is a tab-separated file stored in the home directory and encrypted with GPG. The password is copied to the clipboard with the xclip tool, where it stays for ten seconds before being wiped.

The second part of the system is a function to retrieve the password:

This function grabs the password from the secure file and again copies it to the clipboard, ready to be pasted wherever it is needed. Again the clipboard is cleared after ten seconds to prevent passwords hanging around too long.

To use these functions, just place them in your .bashrc file along with a definition of the MY_EMAIL variable (to allow GPG to find your key) and then source the file (or restart bash). Obviously you’ll need GPG, pwgen and xclip, which on Fedora can be installed with:

Usage is very simple, just run each function in a terminal with an identification token as the argument:

That’s it! Feel free to give it a try. Improvements are most welcome, so please post them in the comments section.

One thought on “Simple password management with Bash and GPG”

  1. Instead of writing the file as plaintext to your $HOME and then re-encrypting it, you could do the appending in one step:

    (gpg-decrypt-command; echo "$(pwgen -n 12 1) $1") | gpg-encrypt-command

    (Where “gpg-decrypt-command” and “gpg-encrypt-command” are the commands to decrypt and encrypt the file) – you might have to set a different output file in the encrypt command and then “mv” the new file over the old one to not clobber the file (as you are using one long command).

    In addition to that, I’d just call the pw() function directly at the end of the pwg() function, which makes the pwg() function shorter and avoids code duplication (I’m assuming you are using GPG-agent or something, otherwise using pw() would result in another passphrase query).
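
A sketch of the workflow described in the post, combined with the comment's suggestion of appending without writing plaintext to disk. This is an added example, not the post author's or the commenter's code. The store path, the `_pw_*` helper names, `pw_add`, `pw_lookup` and the `password<TAB>token` record layout are assumptions; `MY_EMAIL`, `pwg` and `pw` are the names used in the post.

```bash
# Added example. Assumed: PW_FILE path, _pw_* helpers, pw_add, pw_lookup,
# and a record layout of password<TAB>token (one record per line).
PW_FILE="${PW_FILE:-$HOME/.passwords.gpg}"

_pw_gen()  { pwgen -n 12 1; }                                   # 12 characters, as in the post
_pw_enc()  { gpg --quiet --encrypt --recipient "$MY_EMAIL"; }   # stdin -> stdout
_pw_dec()  { [ -f "$PW_FILE" ] || return 0; gpg --quiet --decrypt < "$PW_FILE"; }
_pw_clip() {                                                    # copy, then wipe after ten seconds
    printf '%s' "$1" | xclip -selection clipboard
    ( sleep 10; printf '' | xclip -selection clipboard ) >/dev/null 2>&1 &
}

# Append a record for TOKEN and print the generated password.
pw_add() {
    local new old tmp
    case "$1" in ''|*"$(printf '\t')"*) echo "usage: pwg TOKEN (no tabs)" >&2; return 2;; esac
    new=$(_pw_gen) || return 1
    # Decrypt into memory first: a failed decrypt must abort here, otherwise an
    # empty stream would be encrypted and moved over the real store.
    old=$(_pw_dec) || return 1
    tmp=$(mktemp "$PW_FILE.XXXXXX") || return 1     # same directory, so mv is a rename
    if { [ -z "$old" ] || printf '%s\n' "$old"; printf '%s\t%s\n' "$new" "$1"; } \
            | _pw_enc > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$PW_FILE" || return 1
    else
        rm -f "$tmp"; return 1
    fi
    printf '%s\n' "$new"
}

# Print the most recently stored password for TOKEN; status 1 if there is none.
# The "" concatenations force a string comparison, so token 01 never matches 1.
pw_lookup() {
    _pw_dec | T="$1" awk -F'\t' \
        '($2 "") == (ENVIRON["T"] "") { p = $1 } END { if (p == "") exit 1; print p }'
}

pwg() { local p; p=$(pw_add "$1") || return; _pw_clip "$p"; }
pw()  { local p; p=$(pw_lookup "$1") || return; _pw_clip "$p"; }
```

Only ciphertext is ever written under `$HOME`; the decrypted records exist in shell memory and in the pipe to `gpg`.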
