shadowpass 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +72 -0
- data/bin/shadowpass +62 -0
- data/etc/shadowpass.yaml.sample +3 -0
- data/lib/shadowpass.rb +107 -0
- metadata +130 -0
data/README.md
ADDED
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
# ShadowPass
|
|
2
|
+
|
|
3
|
+
A tool for keeping a GnuPG encrypted password store.
|
|
4
|
+
|
|
5
|
+
## A brief history
|
|
6
|
+
|
|
7
|
+
I have, for a long time, kept a gpg encrypted password file in markdown format
|
|
8
|
+
in a private git repo that I have appropriately named, 'shadow'. It follows me
|
|
9
|
+
everywhere. When I need a password, I vi the file, and with the help of the
|
|
10
|
+
gpg vim plugin, I can quickly access my secret. This has worked for a long
|
|
11
|
+
time. However, as the file grows it can become a bit unwieldy. Thus,
|
|
12
|
+
'shadowpass'.
|
|
13
|
+
|
|
14
|
+
### But what about the other tools?
|
|
15
|
+
|
|
16
|
+
For the past couple years I have been working on a mac as my primary desktop.
|
|
17
|
+
This has its benefits in the world of password storage. Namely, keychain.
|
|
18
|
+
Keychain is awesome. It allows the system, utilities or the user, to directly
|
|
19
|
+
read and write to the password store, with some mild 'would you like to grant
|
|
20
|
+
access' style security methods. The database is encrypted and such, which is
|
|
21
|
+
basically a must for any password storage utility. I've also been using
|
|
22
|
+
another great utility on the Mac called '1Password'. 1Password is a gui
|
|
23
|
+
application that stores your passwords in an encrypted password store, giving
|
|
24
|
+
you a gui and some browser plugins so that you can store per site passwords for
|
|
25
|
+
some auto fill magic. Cool stuff, but its outside the scope of this tool.
|
|
26
|
+
|
|
27
|
+
### So why?
|
|
28
|
+
|
|
29
|
+
Having password storage tools locally on your desktop does wonders for you...
|
|
30
|
+
when you are local. But what if you are working on a remote system that isn't
|
|
31
|
+
of the Apple variety? For my case, I want `offlineimap` to be able to lookup a
|
|
32
|
+
password automatically with one simple command line utility on a box where I
|
|
33
|
+
don't have my common desktop tools like the `security` tool on OS X. There are
|
|
34
|
+
some other tools out there like Keypass, kwallet, gnome-pass, python-keyring,
|
|
35
|
+
etc, but to my knowledge none of these support GPG. I am big on GPG, and since
|
|
36
|
+
I am not using X on a remote system they do me little good, with the exception
|
|
37
|
+
of python-keyring.
|
|
38
|
+
|
|
39
|
+
## Usage
|
|
40
|
+
|
|
41
|
+
Getting and setting a record is easy. Jus specify the path with either the `-g` or `-s` flags.
|
|
42
|
+
|
|
43
|
+
shadowpass -c ~/.shadow.yaml -s sites/forge
|
|
44
|
+
|
|
45
|
+
You will be prompted for the secret that you would like to store at this path.
|
|
46
|
+
Then to retrieve the value that you stored there, just use the get flag.
|
|
47
|
+
|
|
48
|
+
shadowpass -c ~/.shadow.yaml -g sites/forge
|
|
49
|
+
|
|
50
|
+
Easy, right? Paths can be of any length, so you are free to organize your
|
|
51
|
+
passwords in any way you like.
|
|
52
|
+
|
|
53
|
+
## Storage format
|
|
54
|
+
|
|
55
|
+
Its all just json. The path gets translated into a hash of hashes structures
|
|
56
|
+
converting the path keys into hash keys, before getting or setting the value
|
|
57
|
+
for those keys.
|
|
58
|
+
|
|
59
|
+
Want to get the entire database? Easy.
|
|
60
|
+
|
|
61
|
+
shadowpass -c ~/.shadow.yaml -g /
|
|
62
|
+
|
|
63
|
+
This tells shadowpass to get the root, and therfore everything beneath it. You
|
|
64
|
+
can follow the same logic to get everything below a certain point. For
|
|
65
|
+
example:
|
|
66
|
+
|
|
67
|
+
shadowpass -c ~/.shadow.yaml -g sites/social/github
|
|
68
|
+
|
|
69
|
+
Will return you all the items you have stored beneath the key `github`. This
|
|
70
|
+
is useful so you can store username, password, and any extras, like api key,
|
|
71
|
+
etc.
|
|
72
|
+
|
data/bin/shadowpass
ADDED
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
#! /usr/bin/env ruby
|
|
2
|
+
|
|
3
|
+
begin
|
|
4
|
+
require 'json'
|
|
5
|
+
require 'yaml'
|
|
6
|
+
require 'optparse'
|
|
7
|
+
require 'pp'
|
|
8
|
+
require 'gpgme'
|
|
9
|
+
require 'cri'
|
|
10
|
+
require 'shadowpass'
|
|
11
|
+
require 'io/console'
|
|
12
|
+
rescue LoadError => e
|
|
13
|
+
puts "Unable to load library: #{e}"
|
|
14
|
+
exit 1
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
command = Cri::Command.define do
|
|
18
|
+
name 'shadowpass'
|
|
19
|
+
usage 'shadowpass [options]'
|
|
20
|
+
aliases :pws, :spass
|
|
21
|
+
summary 'maintain a password database'
|
|
22
|
+
|
|
23
|
+
flag :h, :help, 'show help for this command' do |value, cmd|
|
|
24
|
+
puts cmd.help
|
|
25
|
+
exit 0
|
|
26
|
+
end
|
|
27
|
+
flag :v, :verbose, 'Be less quiet'
|
|
28
|
+
option :c, :conf, 'Specify the configuration file', :argument => :required
|
|
29
|
+
option :s, :set, 'set a record', :argument => :required
|
|
30
|
+
option :g, :get, 'get a record', :argument => :required
|
|
31
|
+
|
|
32
|
+
run do |opts, args, cmd|
|
|
33
|
+
configfile = opts[:conf] || 'etc/shadowpass.yaml'
|
|
34
|
+
|
|
35
|
+
if opts[:verbose]
|
|
36
|
+
starttime = Time.now
|
|
37
|
+
puts "Initializing at #{starttime}"
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
puts "Loading configuration #{configfile}" if opts[:verbose]
|
|
41
|
+
config = YAML::load(File.read(configfile))
|
|
42
|
+
config[:opts] = opts
|
|
43
|
+
|
|
44
|
+
p = ShadowPass.new(config)
|
|
45
|
+
|
|
46
|
+
if opts[:set]
|
|
47
|
+
path = opts[:set].split('/')
|
|
48
|
+
puts "secret: "
|
|
49
|
+
path << STDIN.noecho {|i| i.gets}.chomp
|
|
50
|
+
p.set(path)
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
if opts[:get]
|
|
54
|
+
path = opts[:get].split('/')
|
|
55
|
+
value = p.get(path)
|
|
56
|
+
puts value
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
command.run(ARGV)
|
data/lib/shadowpass.rb
ADDED
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
require 'pp'
|
|
2
|
+
require 'gpgme'
|
|
3
|
+
require 'json'
|
|
4
|
+
require 'awesome_print'
|
|
5
|
+
require 'io/console'
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
# @author Zach Leslie
|
|
9
|
+
class ShadowPass
|
|
10
|
+
VERSION = '0.0.1'
|
|
11
|
+
|
|
12
|
+
def initialize (config)
|
|
13
|
+
@config = config
|
|
14
|
+
@pwfile = File.expand_path(@config[:pwfile])
|
|
15
|
+
@keyid = config[:keyid]
|
|
16
|
+
@verbose = config[:opts][:verbose]
|
|
17
|
+
# determine of this is a new database
|
|
18
|
+
if File.exists?(@pwfile)
|
|
19
|
+
@shadows = loadShadow
|
|
20
|
+
else
|
|
21
|
+
@shadows = initShadow
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def get (path)
|
|
26
|
+
speak("looking for value at #{path.join('/')}")
|
|
27
|
+
value = path.inject(@shadows) {|result, element|
|
|
28
|
+
if result[element]
|
|
29
|
+
result[element]
|
|
30
|
+
else
|
|
31
|
+
result
|
|
32
|
+
end
|
|
33
|
+
}
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def set (path)
|
|
37
|
+
value = path.pop
|
|
38
|
+
|
|
39
|
+
# Build the new data object with the supplied path
|
|
40
|
+
speak("building new data object")
|
|
41
|
+
data = path.reverse.inject(value) {|result, element|
|
|
42
|
+
{ element => result }
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
# Merge the new data object into the existing shadow
|
|
46
|
+
speak("merging new data object into shadows")
|
|
47
|
+
if @shadows.empty?
|
|
48
|
+
flush data
|
|
49
|
+
else
|
|
50
|
+
newshadows = merge_gently(@shadows,data)
|
|
51
|
+
flush newshadows
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def merge_gently(a,b)
|
|
56
|
+
speak('received original data object')
|
|
57
|
+
speak('received new data object')
|
|
58
|
+
data = Hash.new
|
|
59
|
+
a.each do |k,v|
|
|
60
|
+
if k == b.keys.first
|
|
61
|
+
# Ig data[k] is a string, then we are likely replacing something here.
|
|
62
|
+
data[k] = merge_gently(a[k],b[k]) unless data[k].is_a? String
|
|
63
|
+
data
|
|
64
|
+
else
|
|
65
|
+
data[k] = a[k]
|
|
66
|
+
data[b.keys.first] = b[b.keys.first]
|
|
67
|
+
data
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
speak('here is the merged data object to be returned')
|
|
71
|
+
data
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
def speak(what)
|
|
75
|
+
puts what if @verbose
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
# Encrypt the data object and flush to disk
|
|
79
|
+
def flush( data )
|
|
80
|
+
# Build ciphertext
|
|
81
|
+
crypto = GPGME::Crypto.new(:armor => true)
|
|
82
|
+
cipher = crypto.encrypt "#{data.to_json}", :recipients => @keyid
|
|
83
|
+
# Write te cypertext to the file
|
|
84
|
+
speak("write the shadow data to file at #{@pwfile}")
|
|
85
|
+
File.open(@pwfile, 'w') {|f| f.write( cipher.read ) }
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
private
|
|
89
|
+
|
|
90
|
+
# initialize the shadow data
|
|
91
|
+
def initShadow
|
|
92
|
+
speak("initializing #{@pwfile}")
|
|
93
|
+
# Build and return the initial data object
|
|
94
|
+
data = Hash.new
|
|
95
|
+
data
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
def loadShadow
|
|
99
|
+
# decrypt and read the shadow file
|
|
100
|
+
speak("loading datafile #{@pwfile}")
|
|
101
|
+
crypto = GPGME::Crypto.new(:armor => true)
|
|
102
|
+
clear = crypto.decrypt(File.open(@pwfile))
|
|
103
|
+
# returns cleartext object
|
|
104
|
+
JSON.parse( clear.read )
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: shadowpass
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.1
|
|
5
|
+
prerelease:
|
|
6
|
+
platform: ruby
|
|
7
|
+
authors:
|
|
8
|
+
- Zach Leslie
|
|
9
|
+
autorequire:
|
|
10
|
+
bindir: bin
|
|
11
|
+
cert_chain: []
|
|
12
|
+
date: 2012-11-07 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: json
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: '0'
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
26
|
+
requirements:
|
|
27
|
+
- - ! '>='
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '0'
|
|
30
|
+
- !ruby/object:Gem::Dependency
|
|
31
|
+
name: awesome_print
|
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
|
33
|
+
none: false
|
|
34
|
+
requirements:
|
|
35
|
+
- - ! '>='
|
|
36
|
+
- !ruby/object:Gem::Version
|
|
37
|
+
version: '0'
|
|
38
|
+
type: :runtime
|
|
39
|
+
prerelease: false
|
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
41
|
+
none: false
|
|
42
|
+
requirements:
|
|
43
|
+
- - ! '>='
|
|
44
|
+
- !ruby/object:Gem::Version
|
|
45
|
+
version: '0'
|
|
46
|
+
- !ruby/object:Gem::Dependency
|
|
47
|
+
name: cri
|
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
|
49
|
+
none: false
|
|
50
|
+
requirements:
|
|
51
|
+
- - ! '>='
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '0'
|
|
54
|
+
type: :runtime
|
|
55
|
+
prerelease: false
|
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
none: false
|
|
58
|
+
requirements:
|
|
59
|
+
- - ! '>='
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '0'
|
|
62
|
+
- !ruby/object:Gem::Dependency
|
|
63
|
+
name: yard
|
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
|
65
|
+
none: false
|
|
66
|
+
requirements:
|
|
67
|
+
- - ! '>='
|
|
68
|
+
- !ruby/object:Gem::Version
|
|
69
|
+
version: '0'
|
|
70
|
+
type: :runtime
|
|
71
|
+
prerelease: false
|
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
73
|
+
none: false
|
|
74
|
+
requirements:
|
|
75
|
+
- - ! '>='
|
|
76
|
+
- !ruby/object:Gem::Version
|
|
77
|
+
version: '0'
|
|
78
|
+
- !ruby/object:Gem::Dependency
|
|
79
|
+
name: gpgme
|
|
80
|
+
requirement: !ruby/object:Gem::Requirement
|
|
81
|
+
none: false
|
|
82
|
+
requirements:
|
|
83
|
+
- - ! '>='
|
|
84
|
+
- !ruby/object:Gem::Version
|
|
85
|
+
version: '0'
|
|
86
|
+
type: :runtime
|
|
87
|
+
prerelease: false
|
|
88
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
89
|
+
none: false
|
|
90
|
+
requirements:
|
|
91
|
+
- - ! '>='
|
|
92
|
+
- !ruby/object:Gem::Version
|
|
93
|
+
version: '0'
|
|
94
|
+
description: ''
|
|
95
|
+
email: xaque208@gmail.com
|
|
96
|
+
executables:
|
|
97
|
+
- shadowpass
|
|
98
|
+
extensions: []
|
|
99
|
+
extra_rdoc_files: []
|
|
100
|
+
files:
|
|
101
|
+
- bin/shadowpass
|
|
102
|
+
- lib/shadowpass.rb
|
|
103
|
+
- etc/shadowpass.yaml.sample
|
|
104
|
+
- README.md
|
|
105
|
+
homepage: https://github.com/xaque208/shadowpass
|
|
106
|
+
licenses: []
|
|
107
|
+
post_install_message:
|
|
108
|
+
rdoc_options: []
|
|
109
|
+
require_paths:
|
|
110
|
+
- lib
|
|
111
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
112
|
+
none: false
|
|
113
|
+
requirements:
|
|
114
|
+
- - ! '>='
|
|
115
|
+
- !ruby/object:Gem::Version
|
|
116
|
+
version: '0'
|
|
117
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
118
|
+
none: false
|
|
119
|
+
requirements:
|
|
120
|
+
- - ! '>='
|
|
121
|
+
- !ruby/object:Gem::Version
|
|
122
|
+
version: '0'
|
|
123
|
+
requirements: []
|
|
124
|
+
rubyforge_project:
|
|
125
|
+
rubygems_version: 1.8.23
|
|
126
|
+
signing_key:
|
|
127
|
+
specification_version: 3
|
|
128
|
+
summary: A tool for keeping a GnuPG password store.
|
|
129
|
+
test_files: []
|
|
130
|
+
has_rdoc:
|