commit cd37b178078e05d2cb3d295658abcc2e0320c77f (patch)
parent 997fcff814b920b5c5fa2982a6265a96e1d6ed8d
Author: Alex Karle <alex@karle.co>
Date: Sun, 22 Dec 2019 00:49:02 -0500
secrets: use pash for password management
I've been using pash, a POSIX sh script to manage passwords, for
a couple weeks now and it meets most of my criteria for a password
manager:
* easy to use
* easy to audit (and understand fully)
* portable (although I still need to figure out a mobile client)
This commit both adds pash as a submodule (so it gets cloned in) and
updates mutt/offlineimap to use it to show the passwords.
Diffstat:
6 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/.gitmodules b/.gitmodules
@@ -19,3 +19,6 @@
[submodule "vim/pack/plugins/start/vim-gitgutter"]
path = vim/pack/plugins/start/vim-gitgutter
url = https://github.com/airblade/vim-gitgutter
+[submodule "deps/pash"]
+ path = deps/pash
+ url = https://github.com/dylanaraps/pash
diff --git a/bash/bashrc b/bash/bashrc
@@ -25,6 +25,9 @@ shopt -s checkwinsize # check win size after each cmd, update if needed
# Put ~/bin on the path to facilitate personal customizations
export PATH=$HOME/bin:$PATH
+# Setup for pash password manager
+export PASH_KEYID='alex@karle.co'
+
# Custom find function
function ff {
find . -name "*$1*"
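Review bot: `export PASH_KEYID='alex@karle.co'` identifies the GnuPG key by e-mail address, which matches any key in the keyring that carries that user ID, including one imported later from someone else. A full fingerprint names exactly one key, for example `export PASH_KEYID='<FULL_KEY_FINGERPRINT>'` (placeholder, the real value is not on this page). The variable is also exported only from bashrc, so a pash call started outside an interactive bash session would presumably not see it. A short comment saying which pash operations depend on it would help.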
diff --git a/deps/pash b/deps/pash
@@ -0,0 +1 @@
+Subproject commit 2fb2092447b1577b47fbf9bc682e7fcb7e98efce
diff --git a/install.sh b/install.sh
@@ -22,9 +22,6 @@ try_ln() {
fi
}
-# Top level dirs
-try_ln $DOTFILES/vim $HOME/.vim
-
# bin scripts
mkdir -p $HOME/bin
for f in $DOTFILES/bin/*; do
@@ -43,3 +40,7 @@ for d in bash tmux gdb X11; do
try_ln $f $HOME/.`basename $f`
done
done
+
+# Special cases
+try_ln $DOTFILES/vim $HOME/.vim
+try_ln $DOTFILES/deps/pash/pash $HOME/bin/pash
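Review bot: `try_ln $DOTFILES/deps/pash/pash $HOME/bin/pash` assumes the submodule is already checked out, but a clone made without `--recurse-submodules` leaves `deps/pash` empty. Depending on what `try_ln` checks (its body is outside this hunk), that produces a dangling `~/bin/pash`, and the mutt and offlineimap password lookups then fail. A guard before the link makes the dependency explicit: `[ -f "$DOTFILES/deps/pash/pash" ] || git -C "$DOTFILES" submodule update --init deps/pash`. Quoting the expansions in both `try_ln` calls would also keep paths containing spaces intact.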
diff --git a/mutt/accounts/karleco.muttrc b/mutt/accounts/karleco.muttrc
@@ -13,5 +13,5 @@ set postponed="=Drafts"
# Never had an issue with the mutt SMTP. I'm all for the UNIX philosophy
# but since it's already there... may as well use it?
-set smtp_pass=`gpg --batch --quiet --decrypt ~/.config/mutt/accounts/karleco.gpg`
+set smtp_pass=`pash show mail/karleco`
set smtp_url="smtps://$from:$smtp_pass@smtp.fastmail.com:465"
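Review bot: The `smtp_url` line following the change still interpolates `$smtp_pass`, so the secret fetched by `pash show mail/karleco` ends up inside a URL string. A password containing `@`, `:` or `/` would be parsed incorrectly there, and the value appears wherever the URL is displayed. Because `smtp_pass` is set on its own line, the URL can omit it: `set smtp_url="smtps://$from@smtp.fastmail.com:465"`. If `pash show` fails, the backticks presumably yield an empty string and mutt continues with an empty password, so a comment noting that failure mode would help.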
diff --git a/offlineimap/get_pass.py b/offlineimap/get_pass.py
@@ -4,7 +4,7 @@
from subprocess import check_output
def get_pass():
- return check_output("gpg -dq ~/.config/mutt/accounts/karleco.gpg", shell=True).strip("\n")
+ return check_output("pash show mail/karleco", shell=True).strip("\n")
# If called via CLI, output the password to STDOUT
# Useful for things like GIT_ASKPASS
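Review bot: The new `check_output("pash show mail/karleco", shell=True)` sends a fixed command through the shell for no benefit and resolves `pash` from whatever PATH the caller has. bashrc prepends `$HOME/bin`, but offlineimap started from cron or a service unit would presumably not inherit that. An argument list with an explicit path avoids both problems: `return check_output([os.path.expanduser("~/bin/pash"), "show", "mail/karleco"]).strip("\n")`, which needs `import os` at the top of the file. Separately, `.strip("\n")` on the result only works where `check_output` returns `str`; under Python 3 it returns bytes and this line raises `TypeError`, so confirm which interpreter offlineimap uses.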