1. As subprocess is used to encrypt / decrypt the safe with GPG, one can easily intercept the password, as it is passed as a flag to that subprocess (dumb way would be to call ps aux | grep gpg thousands of times a second and hope it will catch the subprocess call). Fix for this: Do not use --passphrase flag for gpg.
2. pick suggest reading the password from "PICK_TOKEN" env var:

   pick/pick

   Line 130 in 732ecce

   password = getenv('PICK_TOKEN', None)

   
   This should clearly not be done.

Why use gpg anyway? Why not symmetrically encrypt using openssl / derivate, which even offers nice ciphers like aes-gcm / chacha20 with AEAD to provide integrity? Also pick should probably not save the master password in memory. This then transfers all sensitive tasks (i.e. encryption, decryption & asking for "master" password) to external libraries.

Bash:

SSLLIB="openssl"
if type libressl > /dev/null 2>&1; then
    SSLLIB="libressl"
else
    # openssl doesn't support chacha \o/
    exit 1
fi

# ChaCha

# $ chacha-enc file.zip
chacha-enc() {
    $SSLLIB enc -chacha -e -in "$1" -out "$1.chacha"
}

# $ chacha-dec file.zip.chacha
chacha-dec() {
    $SSLLIB enc -chacha -d -in "$1" -out "${1%.*}"
}

It would be nice to offer a curl-able install script like dep's, e.g.

curl https://raw.githubusercontent.com/bndw/pick/master/install.sh | sh

Would be handy if you could delete entries as well

The manual installation steps in the readme fail on the make step.

$ make
GOPATH="/Users/x/code/pick:/Users/x/code/pick/vendor" go get github.com/rogpeppe/godeps
GOPATH="/Users/x/code/pick:/Users/x/code/pick/vendor" /Users/x/code/pick/vendor/bin/godeps -u dependencies.tsv
/bin/sh: /Users/x/code/pick/vendor/bin/godeps: No such file or directory
make: *** [goget] Error 127

cc: @leonklingele

This is really important. No one does backups until its too late ;)

Examples:

• Create a safe-backup before adding a new account
• Create a safe-backup at least once a day / once every hour (when pick is used)

These settings should be user-configurable in the config file.

The current Git branching model doesn't work well for a Go project.
For my bigger projects, I tend to use a different branching model:

• No Pull Requests should be merged directly to the master branch. Why? In the README we suggest to install pick by using go get / git clone. go get / git clone by default always fetches the latest master. Our master is not a stable release. It would be much better to fetch the latest (stable) release instead.
• New PRs should be opened against / merged into a new develop branch. When working on a new feature branch, do git checkout -b new-feature develop. Commit your stuff and open the PR against the develop branch. When not creating PRs, merge your feature to develop via git checkout develop ; git merge --no-ff new-feature (no-ff = no fast forward which means you will always get the merge message, e.g. Merge branch 'new-feature' into develop. This might seem annoying at first, but it really helps.)
• When doing a new release, do a git checkout -b release-0.1 develop (replace 0.1 with the version you want to release). In the release-0.1 branch then increase the version of pick and commit the changes. Now switch to the master branch and do a git merge --no-ff release-0.1. Then tag master and push everything.
• Now your develop branch should get all new changes from master: From develop do a git merge --no-ff master.

I can only recommend this model. It first seems a bit complicated / cluttered, but it works awesome.

For a more detailed version, please read: http://nvie.com/posts/a-successful-git-branching-model/

A command to change the safe's master password would be nice.

Move commands (add, cat, copy, export, list, remove) to commands package so the project's root folder doesn't get cluttered :)

Use a custom config for openpgp.ReadMessage and openpgp.SymmetricallyEncrypt to:

1. Use AES256 instead of the default AES128
2. Increase S2KCount from 65536 to a higher value

Running tests in the pre-commit hook is no longer practical due to the length of time they take.

This is currently blocked until the next release, when go get is fixed.

When adding an account that already exists and choosing to overwrite, the password that is copied to the clipboard is from the old account.

Move version.go to commands package. The version number should somehow be defined in main.go

https://gist.github.com/leonklingele/ff7fb4d518bf7b24ec1fc29209a49ea3

Consider using builtin types to define the backend client's interface, like io.ReadWriter

Hi,
I'm really considering to move from 1password to pick, but the first thought was 'how do I access my passwords also on other computers, like my phone?'

What's your usage of pick and how do login to services on your phone?

Curious about yours and others' general workflow with it.

Is there a chance to simply clear the clipboard after some time? The best case for the 'cp' command IMHO would be, to set the focus back to the last opened window, to enhance the copy paste process.

Best regards

It would be nice to have an edit command to modify an already existing account, e.g. to:

• generate / set a new password — We need to have an password-history, so your old passwords are not lost
• rename the username
• rename the account

Originally reported by @jpgoldberg

re: https://github.com/bndw/pick/blob/master/pick#L151-L154

It's the ord(urandom(1)) % len(chars) part that is of issue here. This technique for picking a random number between 0 and len(chars)-1 suffers a tiny bias unless len(chars) happens to be a divisor of 256 (in this case).

For all practical purposes, this doesn't effect the security of randomly generated passwords of sufficient length, but it does reflect ignorance of the literature of password generation.

As discussed in #62, it would be great to configure pick via pick config [get / set] key.

$ pick config --help
The config command is used to perform operations on the config

Available Commands:
  get      Get a config option
  ls       List all config options
  set      Set a config option


$ pick config get [key]
# <key value>

$ pick config set [key] [value]
# <key value>

$ pick config ls
backups
storage.type
...

Could support of XDG Base Directories be considered? Although setting a custom location is supported, it would be nice to be freedesktop.org compliant and use XDG base directories by default. So .config/pick instead of .pick, which pollutes the home directory.

We should bake the default config.toml into the pick binary and add a command sending it to stdout, allowing users to generate config files manually. Additionally, we may consider having pick init generate this file.

Proposed Usage

$ pick config > ~/.pick/config.toml

Related: #191 (comment)

Hi

First of all I want to say I love pick, great work!
I was wondering if there is a command to change the location of the pick.safe file? (e.g. to put it in a Dropbox, Keybase, etc. folder)

best regards
Marc

panic: user: Current not implemented on linux/amd64

Any command will result in a panic when built with GOARCH=amd64 GOOS=linux. This is a result of the usage of user.Current from os/user (golang/go#6376).

Consider moving to https://github.com/mitchellh/go-homedir

• utils.GetAnswer should get a default value parameter
• Default value Y / N should be uppercased

An import command would be nice to import object (e.g. credentials) from pick, 1Password & co.

• Test backends (currently only the Disk backend)
• Add more tests for the add command
• Add more tests for the get / cat command
• Add more tests for the cp command
• Add more tests for the export command
• Add more tests for the list / ls command
• Add more tests for the remove / rm command
• Add a pre-commit hook, so code which breaks any test can't be checked in
• Add tests for openpgp
• Add tests for aes gcm
• Add tests for PBKDF2
• Add tests for scrypt
• Add tests for various safe upgrade scenarios, e.g. test the upgrade path from a safe without a config to one using the default / a custom config

When installing with go get -u github.com/bndw/pick (using Go 1.7.4 on linux/amd64) as documented in README.md, the main.version variable isn't injected, as it is when building using the Makefile. This results in a runtime error when loading the safe as the version is empty and can't be parsed:

$ pick ls
Enter your master password for safe '/home/scott/.pick/pick.safe'
> 
could not parse version ''

The current interface and design is not very cohesive. This issue is to flush out changes.

Concepts

These are the basic representations used.

Credential

A credential represents the username/password required to authenticate with something. A credential is identified by an alias. A credential's username may be derived from an existing account.

# Example credential
{
  "alias": "github",
  "username": "bndw",
  "account": None,
  "password": "pPAAzdZJFm`-Et[zUIFYSQY?@fJG)qfsgnhW]g;vBjW_t[su@j",
  "created_on": 1447905515,
  "modified_on": 1447905515
}

Account (new)

An account is any email/username/phone number that you reuse. Account make it quicker to create new credentials.

# Example account
{
  "alias": "work",
  "value": "[email protected]",
  "type": "email",
  "created_on": 1447905515,
  "modified_on": 1447905515
}

# Example credential created using an account
{
  "alias": "aws",
  "username": None,
  "account": "work",
  "password": "pPAAzdZJFm`-Et[zUIFYSQY?@fJG)qfsgnhW]g;vBjW_t[su@j",
  "created_on": 1447905515,
  "modified_on": 1447905515
}

Desired features

1. Ability to write credentials with a single command (e.g. non interactive)
2. Ability to create a credential using an existing account, rather than typing the same email address a bunch
3. Ability to control what data is printed to stdout when reading a credential (e.g. pick foo). Potential configurations:
   • password only
   • username only
   • username and password

Proposed command line interface

1. pick --write alias [username] [password]
2. pick --write alias [password] --account alias
3. pick github --output username password

There doesn't seem to be a duplicate alias check. No warning is generated when trying to overwrite an old alias.

pick -w
Enter password > 
Enter an Alias > foobar
Enter the account name (username/email/etc) > delta
Generate password? (y/n, default: y) > n
Enter the password > 
Password saved and copied to clipboard!

Leads to

{
    "foobar": {
        "alias": "foobar",
        "created_on": 1449123019,
        "modified_on": 1449123019,
        "password": "delta2_pass",
        "username": "delta"
    }
}

when pick foobar or pick alling.

However, if I were to run the same set of commands again, and change the data...

pick -w
Enter password > 
Enter an Alias > foobar
Enter the account name (username/email/etc) > darkhorse3
Generate password? (y/n, default: y) > n
Enter the password > 
Password saved and copied to clipboard!

What is stored is now

{
    "foobar": {
        "alias": "foobar",
        "created_on": 1449123129,
        "modified_on": 1449123129,
        "password": "ribbitoinkt3",
        "username": "darkhorse3"
    }
}

Please create a new release once #114 and #118 are merged.
I'm desperately waiting to generate passwords interactively with an official release!

EDIT:
#108 should also be merged.

EDIT 2:
#121 should be merged as well. :)

EDIT 3:
#122

Running pick init after a fresh install creates a safe with openpgp encryption, however the assumed default type is chachapoly.

https://github.com/bndw/pick/blob/master/crypto/client.go#L18-L29

pick init
Please set a master password. This is the only password you need to remember
>
Please confirm your master password
>
pick initialized

cat ~/.pick/pick.safe | jq .
{
  "config": {
    "type": "openpgp",
    "openpgp": {
      "cipher": "aes256",
      "s2kcount": 65011712
    }
  },
  "ciphertext": "LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgp3eTRFQ1FNSUw3ekdmMExWV2JUL0pTOXJlVU5qZGwvVTl6SXZaVEE5SlU4a2dnUTh6bHhCT2daRmF0WlRha1pVCjB1QUI1RWRzYStsTDBldExwUEQ5TGN0L1ZjVGhPNW5nSU9DWTRjMHU0RjNpZGdvSTNlRFM2RnhMK08zNjFyUE8KemZZNFJQaElwZTBlMDV4cDdheDR4cmpEQ3dicWJNUWZrb09OTlJzV28yRzRKeXpKY0ljaXFyd083RkV5eFUwZwpwZzRsNE56NFVRMkNnNEZwVjJRM25OTW83Snd4V2MwblI3ZWZONFRDK1Z5V3NxanVoZmw0dEZCSUY5UmpibkN4ClV2dFd1bjJKWlBtS2VoWnNOK0NRZWhLZ3dhRmVoRnpBQzB1bWtzY0FjZThrQmFSaUF5R0tGMEJnNUQwR3hxVTgKYld0eG1GcW1QdVo1L1RRQ1E5L0YrcitoeFV5RE55ZEtManlLMFluelArN2RodFNQK1E0RWs3TGNZU2dod2VVZgo3SC94eXRvSEtuSVJ6MG45cmRXa2hGMXVBNGZtNzFWaGduZkM4ZjA3dGJzTGlOZ21Dc2VVZ1BUNzFDQjVCRlpKCm1SWXR0d2Ftc0hIZ2RPZUkzWElGbUpveEtaMVpQQVgvWmo5d2w0UEl2WW9CbzR0c2lMZk5xUVcvTkx1YUxIN2QKVHhuTHV3WFkrWkhaTG5VYUNyUDJoS0xGZjdyckpwNlNTWitIU0lHaTVKSHRUQy9jMmF6OGYrQ0tZY0N3angrSApPdi9YTmlQNHREZXdYV1lhRzFtRk1HSHloK3dldnR5Q1VacXYrKzRlckhFNllvdUJqaHB1Um1jRXQrQlA0cWV2CnNHRGdvK0diOE9CKzRNZmdDT1NTK2JBaXZ3aXg2anFiK3hHOGhmbkU0bmQ1b3IvaFNNZ0EKPUxpc3gKLS0tLS1FTkQgUEdQIE1FU1NBR0UtLS0tLQ=="
}

We now have crypto/config.go and backends/config.go with the exact same contents.
Why?

Currently, if you pick add an already existing account, the old account is first removed and then re-added.
This causes the file to be saved twice.

Just noticed that #64 broke installation/update via go get. Oops. I rarely use go get to install apps.
Is it worth moving the files back out of the src/ folder or should we deprecate go get?

As soon as the next release is out (should be done soon 😃), I will prepare Homebrew packages for pick.

Con deprecation:

• go get -u github.com/bndw/pick is just one command and makes it easier to install / update pick

Pro deprecation:

• go get is not really flexible, e.g. we can't install example config files with go get

Locking was introduced in #171 and needs to be properly implemented in the S3 backend

Now that Go has officially added support for ChaCha20Poly1305 and we have a PR which adds it to pick (#99), it would be nice to use it by default (instead of OpenPGP).
What do you think @bndw ?

Documentation

We desperately need some documentation. I'd prefer to tackle this in two ways:

README

The readme should be short and concise. It should answer the following questions:

• What is pick?
• Why should I use pick?
• How do I use pick?

• Quickstart
• Install instructions (prefer the latest pre-build binary release, but this will only be an option once we hit 1.0).
• Determine if a GIF is the best way to concisely show the usage.

Docs website

A thorough docs site with a dedicated page for each command. I prefer to use Hugo with a simple theme (#1 or #2). This could be hosted on Github Pages or a server I maintain.

A new note command would be helpful to store confidential texts / notes in addition to accounts.

To add and edit a secure note:

$ pick note edit todo
Enter password:
..
Now, some kind of editor like vim is invoked.
Once this editor is closed, the note will be saved in pick.

To remove a secure note:

$ pick note rm todo
Enter password:
..
Note removed

I think this software has matured enough to warrant a 1.0 release. Creating this issue to track any items or considerations for that release.

/cc: @leonklingele

Travis CI makes encrypted variables and data available only to pull requests coming from the same repository.

The tests relying on this are related to the S3 backend. I think the best plan is to remove the reliance on an actual AWS connection from those tests. I'll sort this out ASAP.

--- SNIP ---

$ pick --init
Enter password

Creating safe at /home/domain/myuser/.pick
Traceback (most recent call last):
File "/home/domain/myuser/bin/pick", line 241, in
pick.initialize_safe()
File "/home/domain/myuser/bin/pick", line 148, in initialize_safe
self.write_safe(safe)
File "/home/domain/myuser/bin/pick", line 47, in write_safe
ps2 = subprocess.check_output(cmd2.split(), stdin=ps.stdout, stderr=null)
File "/usr/local/Cellar/python/2.7.10_2/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 573, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['gpg', '--symmetric', '--armor', '--batch', '--yes', '--passphrase', 'test', '--output', '/home/domain/myuser/.pick/pick.safe']' returned non-zero exit status 2

--- SNAP ---

OS: Mac OS 10.10.5 (14F27) (Yosemite)

$ which gpg
/usr/local/bin/gpg

$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.28

As GPG is already installed from GPGTools suite, brew can't link into /usr/local/bin.

Maybe force-use brew's gpg? /usr/local/Cellar/gnupg/1.4.19/bin/gpg

Currently there is no way to view the login details other than using 'pick all' which isn't ideal since it prints the passwords to the terminal and it isn't very scalable.

I suggest adding something like:

pick alias -u
# outputs: [email protected]

Might even be worth adding a flag to view the entire entry?

Also to clarify, this isn't the same as export PICK_CONFIG='{"verbose":true}' because that prints the password and the entry to the screen every time.

In a discussion on Quora, I described a handful of potential issues. Forgive me for not breaking them down into several issues here (or submitting patches), but I thought it would be useful for these to be mentioned somewhere where you could find them.

http://qr.ae/RbhBAk

I'm using the 0.8.0 release binary (darwin)

If my pick.safe is at a non-default location and a ~/.pick/pick.safe is missing, the --safe switch doesn't load the pick.safe from the supplied location.

Example:

> pick --safe ~/temp/pick.safe ls
pick not yet initialized. Please run the init command first

I noticed some discussion on #173 around the path being relative to ~/.pick, however, that doesn't work either. I'd expect the filename to point to an absolute file; but please correct me if I'm wrong with regards to the usage.

https://en.wikipedia.org/wiki/Diceware
You probably have seen Correct Horse Battery Staple, which is such a password.

Hi,
Would like to transfer my credentials to another laptop.
any option?

Github today added a way to add "topics" (aka tags) to a repo.

Some ideas:

• password
• password-manager
• cli
• security
• crypto
• golang
• chacha20-poly1305
• aes-gcm
• openpgp
• bcrypt
• scrypt
• pbkdf2

Move it to the Safe struct.