gabfl / vault Goto Github PK

View Code? Open in Web Editor NEW

182.0 13.0 48.0 1.65 MB

Python password manager

License: MIT License

Python 99.26% Dockerfile 0.74%

python3 password-manager sqlite3 secrets-management

vault's Introduction

Vault

Vault is a simple Python password manager. It allows you to securely save secrets with a simple CLI interface.

Features

Secrets are stored in an encrypted SQLite database with SQLCipher
Within the database, each password and notes are encrypted with a unique salt using AES-256 encryption with pycryptodome
Master key is hashed with a unique salt
Possibility to create an unlimited number of vaults
Clipboard cleared automatically
Automatic vault locking after inactivity
Password suggestions with password-generator-py
Import / Export in Json

Basic usage

Installation and setup

Vault 2.x requires sqlcipher to be installed on your machine.

MacOS

On MacOS, you can install sqlcipher with brew:

brew install sqlcipher

# Install sqlcipher3
pip3 install sqlcipher3==0.4.5

# If you are getting an error "Failed to build sqlcipher3", you would need to fix the build flags:
SQLCIPHER_PATH="$(brew --cellar sqlcipher)/$(brew list --versions sqlcipher | tr ' ' '\n' | tail -1)"
C_INCLUDE_PATH=$SQLCIPHER_PATH/include LIBRARY_PATH=$SQLCIPHER_PATH/lib pip3 install sqlcipher3==0.4.5

Then install the vault:

pip3 install pyvault

# Run setup
vault

Ubuntu / Debian

On Ubuntu/Debian, you can install sqlcipher with apt:

sudo apt update
sudo apt install -y gcc python3-dev libsqlcipher-dev xclip

Then install the vault:

pip3 install pyvault

# Run setup
vault

Using Docker

# Pull the image
docker pull gabfl/vault

# Create local directory
mkdir ~/.vault

# Launch image
docker run -v ~/.vault:/root/.vault -ti gabfl/vault

Cloning the project

# Clone project
git clone https://github.com/gabfl/vault && cd vault

# Installation
pip3 install .

# Run setup
vault

Advanced settings:

usage: vault [-h] [-t [CLIPBOARD_TTL]] [-p [HIDE_SECRET_TTL]]
             [-a [AUTO_LOCK_TTL]] [-v VAULT_LOCATION] [-c CONFIG_LOCATION]
             [-k] [-i IMPORT_ITEMS] [-x EXPORT] [-f [{json}]] [-e]

optional arguments:
  -h, --help            show this help message and exit
  -t [CLIPBOARD_TTL], --clipboard_TTL [CLIPBOARD_TTL]
                        Set clipboard TTL (in seconds, default: 15)
  -p [HIDE_SECRET_TTL], --hide_secret_TTL [HIDE_SECRET_TTL]
                        Set delay before hiding a printed password (in
                        seconds, default: 15)
  -a [AUTO_LOCK_TTL], --auto_lock_TTL [AUTO_LOCK_TTL]
                        Set auto lock TTL (in seconds, default: 900)
  -v VAULT_LOCATION, --vault_location VAULT_LOCATION
                        Set vault path
  -c CONFIG_LOCATION, --config_location CONFIG_LOCATION
                        Set config path
  -k, --change_key      Change master key
  -i IMPORT_ITEMS, --import_items IMPORT_ITEMS
                        File to import credentials from
  -x EXPORT, --export EXPORT
                        File to export credentials to
  -f [{json}], --file_format [{json}]
                        Import/export file format (default: 'json')
  -e, --erase_vault     Erase the vault and config file

vault's People

Contributors

Stargazers

Watchers

vault's Issues

Ctrl-d has an unexpected behavior when the vault is locked

When the vault is locked due to inactivity, if the user presses ctrl-d, he will be sent back to the "Choose a command" menu, then the program crashes.

Note: The user being sent back to the "Choose a command" menu is not a security issue because the vault has been dumped upon locking.

Choose a command [copy (l)ogin or (p)assword to clipboard / sh(o)w password / (e)dit / (d)elete / (s)earch / (b)ack to Vault]: 

The vault has been locked due to inactivity.

🔑  Please enter your master key:
Item does not exist.

Choose a command [(s)earch / show (all) / (a)dd / (cat)egories / (l)ock / (q)uit]: s

The vault has been locked due to inactivity.

🔑  Please enter your master key:Traceback (most recent call last):
  File "/usr/local/bin/vault", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/site-packages/vault/vault.py", line 105, in main
    v.unlock()
  File "/usr/local/lib/python3.6/site-packages/vault/lib/Vault.py", line 142, in unlock
    self.menu()
  File "/usr/local/lib/python3.6/site-packages/vault/lib/Vault.py", line 288, in menu
    command = self.input('Choose a command [(s)earch / show (all) / (a)dd / (cat)egories / (l)ock / (q)uit]: ', ['l', 'q'])
  File "/usr/local/lib/python3.6/site-packages/vault/lib/Vault.py", line 101, in input
    self.checkAutoLockTimer()
  File "/usr/local/lib/python3.6/site-packages/vault/lib/Vault.py", line 81, in checkAutoLockTimer
    self.lock()
  File "/usr/local/lib/python3.6/site-packages/vault/lib/Vault.py", line 670, in lock
    self.unlock(False)
  File "/usr/local/lib/python3.6/site-packages/vault/lib/Vault.py", line 116, in unlock
    masterKey = getpass.getpass(self.lockPrefix() + 'Please enter your master key:');
  File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/getpass.py", line 77, in unix_getpass
    passwd = _raw_input(prompt, stream, input=input)
  File "/usr/local/Cellar/python3/3.6.4_2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/getpass.py", line 148, in _raw_input
    raise EOFError
EOFError

Windows Support?

is it possible to make this work on windows?
I can try to do this and make a new branch or fork unless you already looked into it and it isn't possible

It is one of the dependencies, and it was last updated more than 2 years ago.
The git homepage of the repository reads that the project is no longer maintained (https://github.com/rigglemania/pysqlcipher3)

Further, the install of pysqlcipher3 fails (says it installed successfully but doesn't install it) on python3.9 (miniconda) + Ubuntu 18.04 machine, which has

libsqlcipher-dev is already the newest version (3.4.1-1build1).
libsqlcipher0 is already the newest version (3.4.1-1build1).
sqlcipher is already the newest version (3.4.1-1build1).

I was wondering if this dependency can be gotten rid of by replacing it with a better port to sqlcipher?
sqlcipher3 might be a good replacement.

Password still displayed

I find a little bug.
When I choose to show a password, and the password is long and the window small, the password will be wrapped. But when the time is over the stars will be shown up, but don't delete the password:

When I resize the window everyhting is ok:

Transferring vault to a different machine

Is it possible to transfer the vault to a different machine? I tried copying my ~/.vault directory, however on a new machine it does not accept the master key

when i type vault it do nothing

I get
File "\lib\runpy.py", line 197, in _run_module_as_main
return _run_code(code, main_globals, None,
File "\lib\runpy.py", line 87, in run_code
exec(code, run_globals)
File "Scripts\vault.exe_main.py", line 4, in
File "\vault\vault.py", line 8, in
from .views import setup, change_key
File "vault\views\setup.py", line 5, in
from ..models.base import Base, get_session, get_engine
File "\vault\models\base.py", line 5, in
import sqlcipher3
ModuleNotFoundError: No module named 'sqlcipher3'

Clipboard not clearing on Linux

Seems the clipboard is staying put after 15 seconds.

System report

~$ lsb_release -d
Description:	Ubuntu 18.04.4 LTS

~$ uname -r
4.15.0-76-generic

~$ xinput --version
xinput version 1.6.2
XI version on server: 2.3

~$ xclip -version
xclip version 0.12

~$ python3 --version
Python 3.6.9

~$ pip3 show pyvault
Name: pyvault
Version: 2.3.1

Show Single Credential to Screen

Feature request

It would be nice to have a way to get a single password from the vault out so it could be used without having to interactively start the app

vault --password 'my vault key' --name 'my credential' --show

or something like that

Using PBKDF2 to generate the key

Hi @gabfl, I would like to work on your project to use PBKDF2 to generate the key instead of the SHA256 algorithm. May I work on this?

Implement Pyperclip fallback

Traceback (most recent call last):
  File "/usr/local/bin/vault", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/vault/vault.py", line 160, in main
    initialize(vault_location_override=args.vault_location,
  File "/usr/local/lib/python3.8/dist-packages/vault/vault.py", line 132, in initialize
    unlock()
  File "/usr/local/lib/python3.8/dist-packages/vault/views/menu.py", line 58, in unlock
    menu()
  File "/usr/local/lib/python3.8/dist-packages/vault/views/menu.py", line 118, in menu
    next_command = secrets.search_input()
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 278, in search_input
    return search_results(results)
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 310, in search_results
    return item_view(result[0])
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 335, in item_view
    return item_menu(item)
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 372, in item_menu
    return show_secret(item)
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 515, in show_secret
    return item_view(item)
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 335, in item_view
    return item_menu(item)
  File "/usr/local/lib/python3.8/dist-packages/vault/views/secrets.py", line 366, in item_menu
    clipboard.copy(item.password)
  File "/usr/local/lib/python3.8/dist-packages/vault/views/clipboard.py", line 23, in copy
    pyperclip.copy(to_copy)
  File "/usr/local/lib/python3.8/dist-packages/pyperclip/__init__.py", line 659, in lazy_load_stub_copy
    return copy(text)
  File "/usr/local/lib/python3.8/dist-packages/pyperclip/__init__.py", line 336, in __call__
    raise PyperclipException(EXCEPT_MSG)
pyperclip.PyperclipException: 
    Pyperclip could not find a copy/paste mechanism for your system.
    For more information, please visit https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error

Make executable.

Hello there,

I tried to make an executable which wouldn't require python at all. I tried to use the pyinstaller as I have found it the most convenient. I have Python 3.6.4 x64, win10 x64. However, I have an issue about the result, which is error after running the program:

Traceback (most recent call last):
  File "src\vault.py", line 5, in <module>
ModuleNotFoundError: No module named '__main__.lib'; '__main__' is not a package
[20840] Failed to execute script vault

Should I attach something in the spec file?

Cheers, I really like your solution :)

Use Pickle to export and import the secrets Database in the native Vault format

The goal is to improve this process: https://github.com/gabfl/vault/blob/master/docs/rebuild.md

Code sample:
https://docs.python.org/3/library/pickle.html#examples

Error ModuleNotFount

I've cloned this repo to try this python application to manage my password, but, when i try to run "vault.py" script, my console shows this error:" ModuleNotFound: no module named 'main.lib; 'main' is not a package

QRCode for passwords

Hi,

a nice feature would be, if I could let me show the password as a qrcode, so that my phone could scan it.

Thanks

can't install pyvalt

Hi! I'm trying install pyvalt into custom directory, but I fail:


$ pip3 --version
pip 8.1.1 from /usr/lib/python3/dist-packages (python 3.5)

$ python3 --version
Python 3.5.2


$ cat  /home/melezhik/sparrow/plugins/public/vault/requirements.txt 
vault==0.2

$ cd /home/melezhik/sparrow/plugins/public/vault && pip3 install -t ./python-lib -r requirements.txt --install-option "--install-scripts=$PWD/local/bin"
/usr/lib/python3/dist-packages/pip/commands/install.py:198: UserWarning: Disabling all use of wheels due to the use of --build-options / --global-options / --install-options.
  cmdoptions.check_install_build_global(options)
Collecting vault==0.2 (from -r requirements.txt (line 1))
  Using cached vault-0.2.tar.gz
Collecting keyring (from vault==0.2->-r requirements.txt (line 1))
  Using cached keyring-10.4.0.tar.gz
Collecting scriptine (from vault==0.2->-r requirements.txt (line 1))
  Using cached scriptine-0.2.1.tar.gz
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-iuvn_3q3/scriptine/setup.py", line 1, in <module>
        import scriptine
      File "/tmp/pip-build-iuvn_3q3/scriptine/scriptine/__init__.py", line 1, in <module>
        from scriptine._path import path
      File "/tmp/pip-build-iuvn_3q3/scriptine/scriptine/_path.py", line 906
        def mkdir(self, mode=0777):
                                ^
    SyntaxError: invalid token

Think about renaming the project

We already have Vault by Hashicorp and ansible-vault.
It's confusing.

Created by mistake - please delete :)

Sync / Which files

Hi,

what files must I sync between computers/handys to use my password store?

Thanks

build fails because of sqlcipher3

in new conda environment, pip install pyvault

 WARNING: Legacy build of wheel for 'sqlcipher3' created no files.
  Command arguments: /home/youjin/miniconda3/envs/llm/bin/python3.11 -u -c '
  exec(compile('"'"''"'"''"'"'
  # This is <pip-setuptools-caller> -- a caller that pip uses to run setup.py
  #
  # - It imports setuptools before invoking setup.py, to enable projects that directly
  #   import from `distutils.core` to work with newer packaging standards.
  # - It provides a clear error message when setuptools is not installed.
  # - It sets `sys.argv[0]` to the underlying `setup.py`, when invoking `setup.py` so
  #   setuptools doesn'"'"'t think the script is `-c`. This avoids the following warning:
  #     manifest_maker: standard file '"'"'-c'"'"' not found".
  # - It generates a shim setup.py, for handling setup.cfg-only projects.
  import os, sys, tokenize

  try:
      import setuptools
  except ImportError as error:
      print(
          "ERROR: Can not execute `setup.py` since setuptools is not available in "
          "the build environment.",
          file=sys.stderr,
      )
      sys.exit(1)

  __file__ = %r
  sys.argv[0] = __file__

  if os.path.exists(__file__):
      filename = __file__
      with tokenize.open(__file__) as f:
          setup_py_code = f.read()
  else:
      filename = "<auto-generated setuptools caller>"
      setup_py_code = "from setuptools import setup; setup()"

  exec(compile(setup_py_code, filename, "exec"))
  '"'"''"'"''"'"' % ('"'"'/tmp/pip-install-_ciyrrtx/sqlcipher3_5b8aa7f1ca464be8a56697aaa3c22eb5/setup.py'"'"',), "<pip-setuptools-caller>", "exec"))' bdist_wheel -d /tmp/pip-wheel-97z8l12b
  Command output: [use --verbose to show]
  Running setup.py clean for sqlcipher3
Failed to build sqlcipher3
ERROR: Could not build wheels for sqlcipher3, which is required to install pyproject.toml-based projects

but I definitely have setuptools

(llm) youjin@LAPTOP-UMNTCS64:~$ pip install setuptools Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple Requirement already satisfied: setuptools in ./miniconda3/envs/llm/lib/python3.11/site-packages (68.2.2)

I have pyvault working in another environment, so its not some missing library
Also sqlcipher3 is installed:
(llm) youjin@LAPTOP-UMNTCS64:~$ pip install sqlcipher3 Looking in indexes: https://pypi.tuna.tsinghua.edu.cn/simple Requirement already satisfied: sqlcipher3 in ./miniconda3/envs/llm/lib/python3.11/site-packages (0.5.2)

Support for Yubikey

Hi,

It would be nice if there is a way to support 2 authentication way to unlock the vault safe.

Here is the libary for python:
https://github.com/Yubico/python-yubico

And here how to work with challenge response:
https://github.com/Yubico/python-yubico/blob/master/examples/nist_challenge_response

Vault does not work with ZSH on MacOS

Due to ZSH's auto CD feature, vault does not work. Any workaround?