Passpie lets you manage login credentials from the terminal with a colorful/configurable cli interface. Password files are saved into yaml text files with passwords as GnuPG encrypted strings. Use your master passphrase to decrypt login credentials, copy passwords to clipboard and more...
Passpie is built with Click and Tabulate for its interface, TinyDB for its database and python-gnupg for its encryption using gpg. Passpie is also inspired by great cli applications like git and httpie
- Console interface
- Manage multiple databases
- Add, update, remove credentials
- Copy passwords to clipboard
- List credentials as a table
- List credentials with a colored output
- Search credentials by name, login or comments
- Search with regular expression
- Group credentials by name
- Configuration from file.
~/.passpie
- Change passphrase and re-encrypt database
- Export Passpie database to plain text file
- Import plain text Passpie database
- Import credentials from Pysswords
- Randomly generated credential passwords
- Configurable random password generation
- Generate database status report
- Bulk remove credentials
- Bash/Zsh completion
- Undo/Redo changes to the database. (requires git)
Planned features:
- Bulk update credentials
- Import plain text credentials from Keepass
- Import plain text credentials from 1Password
# initialize a passpie database
passpie init
# add some credentials
passpie add [email protected]
passpie add [email protected]
# add some credential with random passwords
passpie add [email protected] --random
passpie add spam@egg --random
passpie add [email protected] --random
passpie add [email protected] --random
# add spam@egg with random password and copy to clipboard
passpie add [email protected] --random --copy
# edit credential "[email protected]"
passpie update [email protected]
# copy password from credential "[email protected]" to clipboard
passpie copy [email protected]
# search credentials by string "exam"
passpie search exam
# search credentials using regular expressions
passpie search 'foo|bar'
# remove some credentials
passpie remove [email protected]
passpie remove [email protected]
# see the database change history
passpie log
# reset to a previous version of the database
passpie --reset-to 5
# check database status
passpie status
# print all credentials as a table with hidden passwords
passpie
# shows help. Option `--help`
passpie --help
Using pip
pip install passpie
On a mac you can install it with homebrew
brew install passpie
The latest development version can be installed directly from GitHub:
pip install --upgrade https://github.com/marcwebbie/passpie/tarball/master
Passpie credentials are referenced by fullname
. fullname syntax handles login and name for credentials in one go for faster adding and querying of credentials.
Fullnames are composed of login
@name
. Login is optional. If you don't pass any login when adding new credentials, credential login will be replaced by a _
character:
passpie add @banks/mybank --password 1234
passpie add @banks/myotherbank --password 5678
Listing credentials:
$ passpie
================= ======= ========== =========
Name Login Password Comment
================= ======= ========== =========
banks/mybank _ *****
banks/myotherbank _ *****
================= ======= ========== =========
Since login
is optional. You can query credentials using only name syntax, for example to update credential @banks/mybank
:
passpie update @banks/mybank --random
Or even better, without using the @
notation:
passpie update banks/mybank --random
Passpie by default will create a git repository on database initialization if git
is available.
passpie init
To see the changes history, use passpie log
command:
passpie log
example output:
[13] Updated foo@bar
[12] Updated foo@bar
[11] Reset database
[10] Removed foozy@bar
[9] Updated hello@world
[8] Added hello@world
[7] Added foozy@bar
[6] Updated test@github
[5] Added foozy@bazzy
[4] Updated test@github
[3] Added foo@bar
[2] Added spam@egg
[1] Added test@github
[0] Initialized database
If you want to go back to a previous version of the database history: passpie --reset-to N
where N is the index of the change.
passpie log --reset-to 5
Attention: this is an operation that destroys data. Use it with caution. It is equivalent to do
git reset --hard
passpie log --init
or if you have multiple databases:
passpie -D other_database log --init
This will create a git repository on passpie directory and create an initial commit
Initialized database
If you don't want to create a git repository on the passpie database. Initialize passpie with --no-git
flag:
passpie init --no-git
With default path ~/.passpie
and a Dropbox shared directory on path ~/Dropbox
mv ~/.passpie ~/Dropbox/passpie # move passpie db to Dropbox
ln -s ~/Dropbox/passpie ~/.passpie # make a link to the db
With default path ~/.passpie
and a Google Drive shared directory on path ~/GoogleDrive
mv ~/.passpie ~/GoogleDrive/passpie # move passpie db to Google Drive
ln -s ~/GoogleDrive/passpie ~.passpie # make a link to the db
passpie export passpie.db
passpie import passpie.db
Passpie credentials handles multiple logins for each name which groups credentials by name:
# add some credentials
passpie add [email protected] --comment "Jonh main mail" --random
passpie add [email protected] --comment "No comment" --random
Listing credentials:
$ passpie
=========== ======= ========== ===============
name login password comment
=========== ======= ========== ===============
example.com doe ***** No comment
example.com jonh ***** Jonh main email
=========== ======= ========== ===============
Fullname syntax supports subgrouping of credentials by name
passpie add foo@opensource/github.com --random
passpie add foo@opensource/python.org --random
passpie add foo@opensource/bitbucket.org --random
passpie add foo@opensource/npm.org --random
Listing credentials:
$ passpie
======================== ======= ========== =========
Name Login Password Comment
======================== ======= ========== =========
opensource/bitbucket.org foo *****
opensource/github.com foo *****
opensource/npm.org foo *****
opensource/python.org foo *****
======================== ======= ========== =========
Sometimes it is useful to have multiple databases with different passphrases for higher security. This can be done using -D
or --database
option.
passpie -D ~/credentials/personal init
passpie -D ~/credentials/work init
passpie -D ~/credentials/junk init
passpie -D ~/credentials/personal add [email protected] --random
passpie -D ~/credentials/work add [email protected] --random
passpie -D ~/credentials/junk add [email protected] --random
$ passpie -D ~/databases/junk
=========== ======= ========== =========
Name Login Password Comment
=========== ======= ========== =========
example.com fake *****
=========== ======= ========== =========
You can activate passpie completion for bash
or zsh
shells
Check the generated script with
passpie complete {shell_name}
.
Add this line to your .bash_profile or .bashrc
if which passpie > /dev/null; then eval "$(passpie complete bash)"; fi
Add this line to your ~/.config/fish/config.fish
if which passpie > /dev/null 2>&1; eval (passpie complete fish | tr '\n' ';'); end
Add this line to your .zshrc or .zpreztorc
if which passpie > /dev/null; then eval "$(passpie complete zsh)"; fi
You can override default passpie configuration with a .passpierc
file on your home directory. Passpie configuration files must be written as a valid yaml file.
path: /Users/john.doe/.passpie
short_commands: true
genpass_length: 32
genpass_symbols: "_-#|+= "
table_format: fancy_grid
headers:
- name
- login
- password
- comment
colors:
login: green
name: yellow
password: cyan
default ~/.passpie
Path to passpie database
default false
Use passpie commands with short aliases. Like passpie a
for passpie add
default: 32
Length of randomly generated passwords with option --random
default: "_-#|+= "
Symbols used on random password generation
default: fancy_grid
Table format when listing credentials
default:
headers:
- name
- login
- password
- comment
default:
colors:
name: yellow
login: green
default: true
Create a git repository on the database directory when git is available.
default: false
Automatically transform the search pattern into a regex if the search pattern is a word (ie: add .* prefix and suffix)
default: 5
Set an upper limit to display the number of credentials with the same password instead of displaying the credentials themselves. This is avoid the uggly table rendering when the passords list doesn't fit on one line. Currently Tabulate doesn't handle line wraps.
Encryption is done with GnuGPG using AES256. Take a look at passpie.crypt module to know more.
The default database path is at ~/.passpie
. If you want to change the database path, add --database
option to passpie. Together with init
you can create arbitrary databases.
passpie --database "/path/to/another/database/" init
Passpie database is structured in a directory hierarchy. Every
credential is a .pass
file inside a directory named after a credential group.
An empty database would look like this:
passpie --database /tmp/passpie init
tree /tmp/passpie -la
# /tmp/passpie
# └── .keys
After adding a new credential the database would look like this:
passpie --database /tmp/passpie add [email protected]
# Password: **********
tree /tmp/passpie -la
# /tmp/passpie
# ├── .keys
# └── github.com
# └── octocat.pass
If we add more credentials to group github.com. Directory structure would be:
passpie --database /tmp/passpie add [email protected]
# Password: **********
tree /tmp/passpie -la
# /tmp/passpie
# ├── .keys
# └── github
# └── octocat.pass
# └── octocat2.pass
Feel free to comment, open a bug report or ask for new features on Passpie issues page or over Twitter.
If you want to contributing with code:
- Fork the repository https://github.com/marcwebbie/passpie/fork
- Make sure to add tests
- Create a pull request
- [optional] Read the Makefile
You probably have the python-gnupg
package installed. Passpie depends on isislovecruft fork of python-gnupg
To fix:
pip uninstall python-gnupg
pip install -U passpie
You don't have gpg installed or it is not working as expected
Make sure you have gpg installed:
Ubuntu:
sudo apt-get install gpg
OSX:
brew install gpg
You don't have copy to clipboard support by default on some linux distributions.
Ubuntu:
sudo apt-get install xclip
Sometimes it takes a long time because of entropy on the host machine. It was noticed a long time on an ubuntu server(even more if it is a virtual machine). You could try using haveged
to generate enough entropy.
On ubuntu:
sudo apt-get install haveged
You could also try this solution right here: http://serverfault.com/questions/214605/gpg-not-enough-entropy
License (MIT License)
The MIT License (MIT)
Copyright (c) 2014-2015 Marc Webbie, http://github.com/marcwebbie
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.