vault
vault is a simple password manager. Given a passphrase and the name of a
service, it returns a strong password for that service. You only need to
remember your passphrase, which you do not give to anyone, and vault will give
a different password for every service you use. The passphrase can be any text
you like.
Given the same passphrase and service name, the program will generate the same
result every time, so you can use it to look up those impossible-to-remember
passwords when you need them.
According to Dropbox's zxcvbn password strength
measure, if your dictionary
English password takes about a second to crack, those generated by vault take
over a million times the age of the observable universe to crack by brute force.
Why?
I have a terrible memory and like keeping my stuff safe. Strong
service-specific passwords are hard to remember, and many
services have stupid restrictions on
passwords. I want to
remember one phrase and have a machine deal with making my passwords strong.
Installation
This program is written in JavaScript. It provides a CLI and a web-based
interface. The command line interface is available as a Node program. To
install with npm run:
npm install -g vault
To enable tab-completion for bash, add this to your .bashrc scripts:
which vault > /dev/null && . "$( vault --initpath )"
If you want to use the web interface provided with vault (like
https://getvau.lt/) you need to serve the static files found in the web folder
using your favourite web server.
Usage
The most basic usage involves passing your passphrase and the service name; when
you pass the --phrase or -p flag you will be prompted for your passphrase:
$ vault google -p
Passphrase: *********
2hk!W[L,2rWWI=~=l>,E
You can set the desired length using --length or -l:
$ vault google -p -l 6
Passphrase: *********
Tc8k~8
You can control the character types present in the output, either to disable
certain types or make sure they are present. For example, to get a password with
no symbols in it:
$ vault google -p --symbol 0
Passphrase: *********
Bb4uFmAEUnTPJh23ecdQ
To get a password containing at least one dash and uppercase letter:
$ vault google -p --dash 1 --upper 1
Passphrase: *********
2-[w]thuTK8unIUVH"Lp
Available character classes include:
lower: lowercase letters,a-zupper: uppercase letters,A-Znumber: the digits0-9space: the space characterdash: dashes (-) and underscores (_)symbol: all other printable ASCII characters
Finally, some sites do not allow passwords containing strings of repeated
characters beyond a certain length. For example, a site requiring passwords not
to contain more than two of the same character in a row would reject the
password ZOMG!!! because of the 3 ! characters. vault lets you express
this requirement using --repeat or -r; this option sets the maximum number
of times the same character can appear in a row.
$ vault google -p -r 2
Using your SSH private key
Instead of a simple passphrase, vault can use a value signed using your SSH
private key as its input. Use the --key or -k option:
$ vault twitter -k
Which key would you like to use?
1: james@tesla, AAAAB3NzaC1y...+XRS6wsfyB7D
2: james@tesla, AAAAB3NzaC1y...B4vwPOArAIKb
Enter a number (1-2): 1
\vXY"xP}m7;,./eI{cz<
If you only have one private key, that is used automatically. If you have
several, a menu is displayed as above using snippets from the corresponding
public keys. You will be prompted to unlock the selected key if necessary.
Note that all the prompts shown to you while using vault are printed to stderr
and the generated password to stdout, so you can pipe vault to pbcopy and
you'll just get the password in your clipboard, i.e.:
$ vault twitter -k