lockbox

password manager
Log | Files | Refs | README | LICENSE

README.md (2625B)

      1 lockbox
      2 ===
      3 
      4 A [pass](https://www.passwordstore.org/) inspired password manager that uses a system
      5 keyring, command, or plaintext solution for password input (over using a gpg key only) and uses a kdbx database as the backing data store.
      6 
      7 # install
      8 
      9 Build locally or install via go
     10 ```
     11 go install github.com/enckse/lockbox/cmd/lb@latest
     12 ```
     13 
     14 # usage
     15 
     16 ## upfront
     17 
     18 While `lb` uses a `.kdbx` formatted file that can be opened by a variety of tools, it is highly opinionated on how it will store data in the database. Any
     19 `.kdbx` used with `lb` should be managed by `lb` with a fallback ability to use other tools to alter/view the file otherwise. Mainly, lockbox itself
     20 uses a common format so that it does not lock a user into a custom file format nor rely entirely on gpg.
     21 `lb` does try to play nice with standard fields used within kdbx files, but it may disagree with other tools on how to manage/store/update them.
     22 
     23 ## configuration
     24 
     25 `lb` uses TOML configuration file(s)
     26 
     27 ```
     28 config.toml
     29 ---
     30 # database to read
     31 store = "$HOME/.passwords/secrets.kdbx"
     32 
     33 [credentials]
     34 # the keying object to use to ACTUALLY unlock the passwords (e.g. using a gpg encrypted file with the password inside of it)
     35 # alternative credential settings for key files are also available
     36 password = ["gpg", "--decrypt", "$HOME/.secrets/key.gpg"]
     37 ```
     38 
     39 Use `lb help verbose` for additional information about functionality and
     40 `lb help config` for details on configuration variables
     41 
     42 ### supported systems
     43 
     44 `lb` should work on combinations of the following:
     45 - linux/macOS/WSL
     46 - zsh/bash (for completions)
     47 - amd64/arm64
     48 
     49 ## usage
     50 
     51 ### clipboard
     52 
     53 Copy entries to clipboard
     54 ```
     55 lb clip my/secret/password
     56 ```
     57 
     58 ### insert
     59 
     60 Create a new entry
     61 ```
     62 lb insert my/new/key/password
     63 ```
     64 
     65 ### list
     66 
     67 List entries
     68 ```
     69 lb ls
     70 ```
     71 
     72 ### remove
     73 
     74 To remove an entry
     75 ```
     76 lb rm my/old/key
     77 ```
     78 
     79 ### show
     80 
     81 To see the text of an entry
     82 ```
     83 lb show my/key/notes
     84 ```
     85 
     86 ### totp
     87 
     88 To get a totp token
     89 ```
     90 lb totp show token/path/otp
     91 ```
     92 
     93 The token can be automatically copied to the clipboard too
     94 ```
     95 lb totp clip token/path/otp
     96 ```
     97 
     98 ### rekey
     99 
    100 To rekey (change password/keyfile) use the `rekey` command
    101 ```
    102 lb rekey -keyfile="my/new/keyfile"
    103 ```
    104 
    105 ### completions
    106 
    107 generate shell specific completions (via auto-detect using `SHELL`)
    108 ```
    109 lb completions
    110 ```
    111 
    112 ## git integration
    113 
    114 To manage the `.kdbx` file in a git repository and see _actual_ text diffs add this to a `.gitconfig`
    115 ```
    116 [diff "lb"]
    117     textconv = lb conv
    118 ```
    119 
    120 Setup the `.gitattributes` for the repository to include
    121 ```
    122 *.kdbx diff=lb
    123 ```
    124 
    125 ## build
    126 
    127 Clone this repository and:
    128 ```
    129 make
    130 ```
    131 
    132 _run `make check` to run tests_