passvault-cli-tool 1.0.0__py3-none-any.whl

passvault_cli_tool-1.0.0.dist-info/METADATA

@@ -0,0 +1,166 @@
+Metadata-Version: 2.4
+Name: passvault-cli-tool
+Version: 1.0.0
+Summary: A local-first TUI password manager for Linux.
+Author: Senume
+License: MIT
+Project-URL: Homepage, https://github.com/Senume/PassVault
+Keywords: password-manager,tui,cli,security
+Classifier: Environment :: Console
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: cryptography>=41.0
+Requires-Dist: argon2-cffi>=23.0
+Requires-Dist: appdirs>=1.4
+Requires-Dist: textual>=0.60
+Requires-Dist: rich>=13.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: httpx>=0.27
+Provides-Extra: dev
+Requires-Dist: pytest; extra == "dev"
+Requires-Dist: pytest-asyncio; extra == "dev"
+Dynamic: license-file
+
+# 🔐 PassVault
+
+A local TUI (Terminal User Interface) password manager for Linux.  
+Credentials are encrypted with **Argon2id + AES-GCM** and never leave your machine.
+
+---
+
+## Features
+
+| Key | Action |
+|-----|--------|
+| `/` | Open vault selector overlay |
+| `n` | Create a new vault |
+| `g` | Add a new credential to the current vault |
+| `f` | Search credentials by name |
+| `e` | Export current vault as an encrypted `.pvault` archive |
+| `i` | Import a vault from a `.pvault` archive |
+| `ctrl+d` | Delete the current vault (requires typing vault name) |
+| `ctrl+g` | Auto-generate a strong password (inside Add Credential panel) |
+| `ctrl+v` | Paste from clipboard into any input field |
+
+---
+
+## Requirements
+
+### System dependency
+PassVault uses `xclip` for clipboard operations:
+```bash
+sudo apt install xclip        # Debian / Ubuntu
+sudo pacman -S xclip          # Arch
+sudo dnf install xclip        # Fedora
+```
+
+### Python
+- Python **3.10+**
+
+---
+
+## Installation
+
+### From PyPI
+```bash
+pip install passvault
+```
+
+### From source
+```bash
+git clone https://github.com/Senume/PassVault.git
+cd PassVault
+pip install -e .
+```
+
+---
+
+## Running
+
+```bash
+passvault
+```
+
+---
+
+## Data & log paths
+
+PassVault resolves paths in priority order:
+
+| | System path (root) | User fallback | Env override |
+|---|---|---|---|
+| **Vaults** | `/etc/passvault/vaults` | `~/.local/share/passvault/vaults` | `$PASSVAULT` |
+| **Logs** | `/var/log/passvault/passvault.log` | `~/.local/state/passvault/passvault.log` | `$PASSVAULT_LOG` |
+
+Directories are created automatically on first run.
+
+> To grant your user write access to the system paths:
+> ```bash
+> sudo mkdir -p /etc/passvault/vaults /var/log/passvault
+> sudo chown -R $USER /etc/passvault /var/log/passvault
+> ```
+
+---
+
+## Usage walkthrough
+
+### 1 — Create a vault
+Press `n`, enter a vault name and master password (confirmed twice). Press `Enter`.
+
+### 2 — Add credentials
+Press `g` (a vault must be selected first via `/`).  
+Fill in **Name**, **Username**, **Password** — or press `Ctrl+G` to auto-generate a strong password.  
+Press `Enter` to confirm, then enter the vault master password.
+
+### 3 — View credentials
+Select a credential from the list and press `Enter`.  
+Enter the master password to unlock.  
+Press `c` to copy the username or `p` to copy the password to clipboard.  
+Press `Esc` to close.
+
+### 4 — Search
+Press `f` to focus the search bar. Type to filter credentials by name in real time. Press `Esc` to clear.
+
+### 5 — Export / Import
+- **Export** (`e`): saves the current vault as an encrypted `.pvault` zip to a path you specify (default: `~/PassVault_exports/`).
+- **Import** (`i`): restores a vault from a `.pvault` file path.
+
+The archive keeps credentials AES-GCM encrypted — no master password is needed for the transfer itself.
+
+### 6 — Delete a vault
+Press `Ctrl+D`, then type the vault name exactly to confirm permanent deletion.
+
+---
+
+## Security
+
+- **KDF**: Argon2id (time cost 3, memory 64 MB, parallelism 1)
+- **Encryption**: AES-256-GCM per credential — each `.ptr` file is independently encrypted
+- **Master password**: never stored; derived key exists only in memory during a session
+- **Clipboard**: copy operations use `xclip`; clear the clipboard manually after use
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/Senume/PassVault.git
+cd PassVault
+pip install -e ".[dev]"
+
+# Run tests
+PYTHONPATH=$PWD pytest -q
+
+# Run the app
+PASSVAULT=data passvault
+```
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE)

passvault_cli_tool-1.0.0.dist-info/RECORD

@@ -0,0 +1,30 @@
+passvault_cli_tool-1.0.0.dist-info/licenses/LICENSE,sha256=gICzLXuoZpo2fX1S75l6jxOXizy-KD866VrgpGAdAHo,1063
+passvault_core/clipboard.py,sha256=GxBMTSmPWPiiZ3nO7nImJflJEDykJrSNCbL-AkaaMUI,6226
+passvault_core/crypto.py,sha256=MAtZQ0_eWCSoY_gWv-TUQl_hl6cEMmchTAXQfo9Opq8,1993
+passvault_core/errors.py,sha256=bslo_4QVU5LJgCudAQQTXcS8cy-tP44Rg-NL2DcUt5g,252
+passvault_core/schema.py,sha256=57e1yESnV5sW7TnUX19COiSnVgEe17qfq-sr8LdZymo,2773
+passvault_core/storage.py,sha256=TaXvEx6h8B9Kvrk-YKf2JcImIblFoFUGJzjFn_WVXQ0,5673
+passvault_core/tests/test_clipboard.py,sha256=NbWNcY5_Jf7YJgchvsBBbNybIeYp9q9YdjWTPsBVseg,12750
+passvault_core/tests/test_crypto.py,sha256=pbc5xq627h6Jx97iK5FEEallAGVuBY1MY58lDgqL9KI,6835
+passvault_core/tests/test_schema.py,sha256=OOXYlhyok87DUBRmUbJjeAFzoLD3l-36SYpNFOx1V5s,6510
+passvault_core/tests/test_storage.py,sha256=0pbV6NtkxI5NRyaPvYou5jn5hBDpGg5g4eHm7KEbgSA,7166
+passvault_tui/__init__.py,sha256=uPI0vnaBmnWNTT8t2hQRFPEaJJOEbRunw8M6eYwSqfY,94
+passvault_tui/app.py,sha256=1kVPDBPLjQIxRuzkJ_Beh82LRqORECaEOXDUE8vyWB8,15809
+passvault_tui/style.css,sha256=i5gw9Nna4bXnTlvw6gIQ6ky80IZF266aJMHMuqQ2aRg,6786
+passvault_tui/screens/__init__.py,sha256=ZRASt7hmKuAB312gu98Zool-fYsVvbKy2H7sd_YUt5E,19
+passvault_tui/utils/__init__.py,sha256=tmkYaXrYQoBaMH-swbN1SOWqXLFLgn4CUYh2JEMILWg,33
+passvault_tui/widgets/__init__.py,sha256=K6RQqsqalzNchy9LEXqG9q0KU1kaKceviZfQNYhYpG8,572
+passvault_tui/widgets/add_credential_panel.py,sha256=S7Ggk_KSUXY6emB6Zp7oM8_IKKai0HHVAAdBlwXDqb0,4902
+passvault_tui/widgets/add_vault_panel.py,sha256=QemD6rvdtZqqCfQb82stcc18hdjgRDQyRv6fQ8whZXE,2860
+passvault_tui/widgets/credential_panel.py,sha256=HaBeVrqDP5yVqcdQwLAjYAkk6sFnbCKhLjYYGuzhZ7E,2772
+passvault_tui/widgets/delete_vault_panel.py,sha256=BDdYdtbVbmRKhAZNx3mWoCq5IfL8zrT8WvWp33tiilY,2103
+passvault_tui/widgets/export_vault_panel.py,sha256=ft3VxoNmOzp1assCYaOrg3ToSk8ihwEIu_ysPXBGt-0,2659
+passvault_tui/widgets/import_vault_panel.py,sha256=9IyxRezlBLdsd4AK2AoID6Pdfm_SF9644Z5B0W8orUk,2533
+passvault_tui/widgets/master_password_panel.py,sha256=0n73mf2PU9ANrv2sZCuFQHnVKs7WYZc-TsOdKbj4D7g,1733
+utils/__init__.py,sha256=lDUdAJlZTwKkgvMRjw0d3cAvV_oYJgO95QYul5h-LjM,103
+utils/logger.py,sha256=r35P1GXAfF3XHqHwIfRQOoKfXNMpNGtXSbMP0K5oLFA,1657
+passvault_cli_tool-1.0.0.dist-info/METADATA,sha256=Ey9gCjjtoW7zvrzKAM0Zk-EynTn-cwMvXSK0DlZw7Bw,4360
+passvault_cli_tool-1.0.0.dist-info/WHEEL,sha256=YCfwYGOYMi5Jhw2fU4yNgwErybb2IX5PEwBKV4ZbdBo,91
+passvault_cli_tool-1.0.0.dist-info/entry_points.txt,sha256=HvJbHFdYFzY8vYunXj2e5QdgGdWhOIlRcFujpiOUhhw,52
+passvault_cli_tool-1.0.0.dist-info/top_level.txt,sha256=pqQ5wohWBQk7yB3d6sK_QV32_oBiyCiJQTGYc0WeYXI,35
+passvault_cli_tool-1.0.0.dist-info/RECORD,,

passvault_cli_tool-1.0.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

passvault_cli_tool-1.0.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+passvault = passvault_tui.app:run

passvault_cli_tool-1.0.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Senume
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

passvault_cli_tool-1.0.0.dist-info/top_level.txt

@@ -0,0 +1,3 @@
+passvault_core
+passvault_tui
+utils

passvault_core/clipboard.py

@@ -0,0 +1,206 @@
+"""
+Clipboard management module.
+
+Provides functionality to copy data to and from system clipboard
+with manual clearing control.
+"""
+
+import subprocess
+import threading
+import logging
+from typing import Optional
+from contextlib import contextmanager
+
+logger = logging.getLogger(__name__)
+
+
+class ClipboardError(Exception):
+    """Raised when clipboard operations fail."""
+    pass
+
+
+class ClipboardManager:
+    """
+    Manages clipboard operations with thread-safe access.
+    
+    Provides thread-safe copy, clear, and read operations for
+    system clipboard access. All clearing is manual.
+    """
+
+    def __init__(self):
+        """
+        Initialize the clipboard manager.
+        
+        Raises:
+            ValueError: If initialization fails.
+        """
+        self._lock = threading.RLock()
+        self._clipboard_content: Optional[str] = None
+        self._is_managed = False
+
+    def copy(self, text: str) -> None:
+        """
+        Copy text to clipboard.
+        
+        Args:
+            text: The text to copy to clipboard.
+        
+        Raises:
+            ClipboardError: If clipboard operation fails.
+            ValueError: If text is None or empty.
+        """
+        if not text or not isinstance(text, str):
+            raise ValueError("Text must be a non-empty string")
+        
+        with self._lock:
+            try:
+                # Copy to system clipboard
+                self._write_to_clipboard(text)
+                self._clipboard_content = text
+                self._is_managed = True
+                
+                logger.info(f"Copied {len(text)} characters to clipboard")
+                
+            except Exception as e:
+                self._is_managed = False
+                logger.error(f"Failed to copy to clipboard: {e}")
+                raise ClipboardError(f"Failed to copy to clipboard: {e}") from e
+
+    def clear(self) -> None:
+        """
+        Manually clear the clipboard.
+        
+        Raises:
+            ClipboardError: If clipboard clear operation fails.
+        """
+        with self._lock:
+            try:
+                # Clear clipboard
+                self._write_to_clipboard("")
+                self._clipboard_content = None
+                self._is_managed = False
+                
+                logger.info("Clipboard cleared")
+                
+            except Exception as e:
+                logger.error(f"Failed to clear clipboard: {e}")
+                raise ClipboardError(f"Failed to clear clipboard: {e}") from e
+
+    def is_managed(self) -> bool:
+        """
+        Check if clipboard is currently managed (content copied by this manager).
+        
+        Returns:
+            True if clipboard content is managed, False otherwise.
+        """
+        with self._lock:
+            return self._is_managed
+
+    @contextmanager
+    def temporary_copy(self, text: str):
+        """
+        Context manager for temporary clipboard operations.
+        
+        Ensures clipboard is cleared when exiting the context.
+        
+        Args:
+            text: Text to copy to clipboard.
+        
+        Example:
+            with clipboard_manager.temporary_copy("password123"):
+                # clipboard contains "password123"
+                pass
+            # clipboard is now cleared
+        """
+        try:
+            self.copy(text)
+            yield
+        finally:
+            self.clear()
+
+    @staticmethod
+    def _write_to_clipboard(text: str) -> None:
+        """
+        Write text to system clipboard using xclip.
+        
+        Args:
+            text: The text to write.
+        
+        Raises:
+            ClipboardError: If clipboard write fails.
+        """
+        try:
+            process = subprocess.Popen(
+                ["xclip", "-selection", "clipboard"],
+                stdin=subprocess.PIPE,
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+            # Use input parameter and timeout to avoid hanging
+            stdout, stderr = process.communicate(
+                input=text.encode("utf-8"),
+                timeout=1
+            )
+            
+            if process.returncode != 0:
+                raise ClipboardError(f"xclip failed: {stderr.decode('utf-8', errors='ignore')}")
+                
+        except subprocess.TimeoutExpired:
+            process.kill()
+        except FileNotFoundError:
+            raise ClipboardError(
+                "xclip not found. Install it with: sudo apt-get install xclip"
+            )
+        except Exception as e:
+            raise ClipboardError(f"Clipboard write failed: {e}") from e
+
+    @staticmethod
+    def _read_from_clipboard() -> str:
+        """
+        Read text from system clipboard using xclip.
+        
+        Returns:
+            The clipboard content as a string.
+        
+        Raises:
+            ClipboardError: If clipboard read fails.
+        """
+        try:
+            process = subprocess.Popen(
+                ["xclip", "-selection", "clipboard", "-o"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+            )
+            stdout, stderr = process.communicate(timeout=5)
+            
+            if process.returncode != 0:
+                raise ClipboardError(f"xclip failed: {stderr.decode('utf-8', errors='ignore')}")
+            
+            return stdout.decode("utf-8")
+                
+        except subprocess.TimeoutExpired:
+            process.kill()
+            raise ClipboardError("xclip operation timed out (5 seconds)")
+        except FileNotFoundError:
+            raise ClipboardError(
+                "xclip not found. Install it with: sudo apt-get install xclip"
+            )
+        except Exception as e:
+            raise ClipboardError(f"Clipboard read failed: {e}") from e
+
+
+# Global clipboard manager instance
+_clipboard_manager: Optional[ClipboardManager] = None
+
+
+def get_clipboard_manager() -> ClipboardManager:
+    """
+    Get or create the global clipboard manager instance.
+    
+    Returns:
+        The global ClipboardManager instance.
+    """
+    global _clipboard_manager
+    if _clipboard_manager is None:
+        _clipboard_manager = ClipboardManager()
+    return _clipboard_manager

passvault_core/crypto.py

@@ -0,0 +1,59 @@
+import os
+import json
+import base64
+from typing import Tuple
+
+try:
+    from argon2.low_level import hash_secret_raw, Type
+except Exception as e:
+    hash_secret_raw = None  # type: ignore
+
+try:
+    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+except Exception as e:
+    AESGCM = None  # type: ignore
+
+from .errors import DecryptionError
+
+
+DEFAULT_TIME = 2
+DEFAULT_MEMORY = 65536  # KiB (64 MiB)
+DEFAULT_PARALLELISM = 1
+DEFAULT_KEY_LEN = 32
+
+
+def derive_key(password: str, salt: bytes, time_cost: int = DEFAULT_TIME, memory_cost: int = DEFAULT_MEMORY, parallelism: int = DEFAULT_PARALLELISM, key_len: int = DEFAULT_KEY_LEN) -> bytes:
+    """Derive a binary key from password and salt using Argon2id.
+
+    Requires `argon2-cffi` to be installed. Raises ImportError if not available.
+    """
+    if hash_secret_raw is None:
+        raise ImportError("argon2.low_level.hash_secret_raw is required (install argon2-cffi)")
+    if isinstance(password, str):
+        password = password.encode("utf-8")
+    return hash_secret_raw(password, salt, time_cost, memory_cost, parallelism, key_len, Type.ID)
+
+
+def encrypt(key: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
+    """Encrypt plaintext with AES-GCM. Returns (nonce, ciphertext).
+
+    Requires `cryptography` package.
+    """
+    if AESGCM is None:
+        raise ImportError("cryptography AESGCM is required (install cryptography)")
+    aesgcm = AESGCM(key)
+    nonce = os.urandom(12)
+    ct = aesgcm.encrypt(nonce, plaintext, associated_data=None)
+    return nonce, ct
+
+
+def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
+    """Decrypt AES-GCM ciphertext. Raises DecryptionError on auth failure."""
+    if AESGCM is None:
+        raise ImportError("cryptography AESGCM is required (install cryptography)")
+    aesgcm = AESGCM(key)
+    try:
+        pt = aesgcm.decrypt(nonce, ciphertext, associated_data=None)
+    except Exception as e:
+        raise DecryptionError("decryption failed") from e
+    return pt

passvault_core/errors.py

@@ -0,0 +1,11 @@
+"""Custom exceptions for passvault_core."""
+
+
+class DecryptionError(Exception):
+    """Raised when decryption fails or authentication check fails."""
+    pass
+
+
+class ClipboardError(Exception):
+    """Raised when clipboard operations fail."""
+    pass

passvault_core/schema.py

@@ -0,0 +1,96 @@
+import json
+from pydantic import BaseModel
+from typing import List, Optional
+
+class CredentialSchema(BaseModel):
+    username: str
+    password: str
+
+    def to_dict(self) -> dict:
+        return {
+            "username": self.username,
+            "password": self.password,
+        }
+    
+    def to_str(self) -> str:
+        return json.dumps(self.to_dict())
+    
+    @classmethod
+    def from_str(cls, data: str):
+        """Create a CredentialSchema from a JSON string."""
+        dict_data = json.loads(data)
+        return cls(**dict_data)
+
+class KDFParamsSchema(BaseModel):
+    time_cost: int = 2
+    memory_cost: int = 65536
+    parallelism: int = 1
+
+    def to_dict(self) -> dict:
+        return {
+            "time_cost": self.time_cost,
+            "memory_cost": self.memory_cost,
+            "parallelism": self.parallelism,
+        }
+
+class PointerSchema(BaseModel):
+    id: str
+    vault_id: str
+    nonce: bytes
+
+    def to_dict(self) -> dict:
+        return {
+            "id": self.id,
+            "vault_id": self.vault_id,
+            "nonce": self.nonce,
+        }
+
+    @classmethod
+    def from_dict(cls, data: dict):
+        """Create a PointerSchema from a plain dict.
+
+        This helper prefers the Pydantic v2 API (`model_validate`) when
+        available, falls back to v1 (`parse_obj`) and finally to direct
+        construction. It will raise the appropriate Pydantic
+        ValidationError on invalid input.
+        """
+        # Pydantic v2
+        if hasattr(cls, "model_validate"):
+            return cls.model_validate(data)
+        # Pydantic v1
+        if hasattr(cls, "parse_obj"):
+            return cls.parse_obj(data)
+        # Fallback
+        return cls(**data)
+
+class VaultSchema(BaseModel):
+    id: str
+    salt: bytes
+    encrypted_pointers: List[Optional[PointerSchema]] = []
+    kdf_params: KDFParamsSchema = KDFParamsSchema()
+
+    def to_dict(self) -> dict:
+        return {
+            "id": self.id,
+            "salt": self.salt,
+            "encrypted_pointers": [p.to_dict() if p else None for p in self.encrypted_pointers],
+            "kdf_params": self.kdf_params.to_dict(),
+        }
+    
+    @classmethod
+    def from_dict(self, data: dict):
+        """Create a VaultSchema from a plain dict.
+
+        This helper prefers the Pydantic v2 API (`model_validate`) when
+        available, falls back to v1 (`parse_obj`) and finally to direct
+        construction. It will raise the appropriate Pydantic
+        ValidationError on invalid input.
+        """
+        # Pydantic v2
+        if hasattr(self, "model_validate"):
+            return self.model_validate(data)
+        # Pydantic v1
+        if hasattr(self, "parse_obj"):
+            return self.parse_obj(data)
+        # Fallback
+        return self(**data)