mirror of https://github.com/octoleo/Purse.git synced 2025-04-22 15:11:50 +00:00
drduh 9b2f643cdd
Merge pull request #14 from drduh/wip-13apr25
additional readme improvements
2025-04-14 00:00:36 +00:00

Purse is a Bash shell script based on drduh/pwd.sh.

Both programs use GnuPG to manage secrets in encrypted text files. Purse is based on asymmetric (public-key) authentication, while pwd.sh is based on symmetric (passphrase-based) authentication.

Purse eliminates the need for a passphrase: plug in the YubiKey, enter the PIN and touch the key to access secrets.

Important

A GnuPG identity is required to use Purse - see drduh/YubiKey-Guide to set one up.

Install

Purse is available for download from Releases, or directly from GitHub:

wget https://raw.githubusercontent.com/drduh/Purse/master/purse.sh

Use

Run the script interactively using ./purse.sh or symlink to a directory in PATH:

  • w to create a secret
  • r to access a secret
  • l to list all secrets
  • b to create a backup archive
  • h to print the help text

Options can also be passed on the command line.

Create a 20-character password for userName:

./purse.sh w userName 20

Read password for userName:

./purse.sh r userName

Passwords are stored with an epoch timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password:

./purse.sh l

./purse.sh r userName@1574723600

Create an archive for backup:

./purse.sh b

Restore an archive from backup:

tar xvf purse*tar

Configure

See config/gpg.conf for recommended GnuPG options.

Several customizable options and features are also available, and can be configured with environment variables, for example in the shell rc file:

| Variable | Description | Default | Available options |
|---|---|---|---|
| PURSE_CLIP | clipboard to use | xclip | pbcopy on macOS |
| PURSE_CLIP_ARGS | arguments to pass to clipboard command | unset (disabled) | -i -selection clipboard to use primary (control-v) clipboard with xclip |
| PURSE_TIME | seconds to clear password from clipboard/screen | 10 | any valid integer |
| PURSE_LEN | default generated password length | 14 | any valid integer |
| PURSE_COPY | copy password to clipboard before write | unset (disabled) | 1 or true to enable |
| PURSE_DAILY | create daily backup archive on write | unset (disabled) | 1 or true to enable |
| PURSE_ENCIX | encrypt index for additional privacy; 2 YubiKey touches will be required for separate decryption operations | unset (disabled) | 1 or true to enable |
| PURSE_COMMENT | unencrypted comment to include in index and safe files | unset | any valid string |
| PURSE_CHARS | character set for passwords | [:alnum:]!?@#$%^&*();:+= | any valid characters |
| PURSE_DEST | password output destination, will set to screen without clipboard | clipboard | clipboard or screen |
| PURSE_ECHO | character used to echo password input | * | any valid character |
| PURSE_SAFE | safe directory name | safe | any valid string |
| PURSE_INDEX | index file name | purse.index | any valid string |
| PURSE_BACKUP | backup archive file name | purse.$hostname.$today.tar | any valid string |
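
To see what the PURSE_LEN and PURSE_CHARS settings mean for password strength, the following added example (not Purse's own code) draws a password uniformly from a character set and estimates its strength in bits. The function names gen_pass, charset_size and strength_bits are hypothetical, and the estimate assumes a printable-ASCII character set.

```bash
#!/usr/bin/env bash
# Added example (not Purse's code). Defaults mirror the documented ones;
# the function names are hypothetical.
DEFAULT_CHARS='[:alnum:]!?@#$%^&*();:+='
PURSE_LEN="${PURSE_LEN:-14}"
PURSE_CHARS="${PURSE_CHARS:-$DEFAULT_CHARS}"

# charset_size [charset]: count the distinct ASCII characters (32..126) the
# set admits. Sweeping the range means repeated characters count only once.
charset_size() {
  local chars="${1:-$PURSE_CHARS}" i=32
  while [ "$i" -le 126 ]; do
    printf '%b' "\\0$(printf '%o' "$i")"
    i=$((i + 1))
  done | LC_ALL=C tr -dc "$chars" | wc -c | tr -d ' '
}

# gen_pass [length] [charset]: filter kernel CSPRNG bytes down to the allowed
# set, so each allowed character is equally likely (no modulo bias).
gen_pass() {
  local len="${1:-$PURSE_LEN}" chars="${2:-$PURSE_CHARS}" out=''
  case "$len" in
    ''|*[!0-9]*) echo "length must be a positive integer" >&2; return 1 ;;
  esac
  [ "$len" -gt 0 ] && [ "$(charset_size "$chars")" -gt 0 ] || {
    echo "need a positive length and a non-empty ASCII set" >&2; return 1; }
  # Read fixed-size chunks until enough accepted characters are collected.
  while [ "${#out}" -lt "$len" ]; do
    out="$out$(head -c 256 /dev/urandom | LC_ALL=C tr -dc "$chars")"
  done
  printf '%s\n' "$out" | cut -c "1-$len"
}

# strength_bits [length] [charset]: length * log2(set size), one decimal.
strength_bits() {
  local len="${1:-$PURSE_LEN}" n
  n="$(charset_size "${2:-$PURSE_CHARS}")"
  [ "$n" -gt 0 ] || { echo "character set is empty" >&2; return 1; }
  LC_ALL=C awk -v l="$len" -v n="$n" \
    'BEGIN { printf "%.1f\n", l * log(n) / log(2) }'
}

# Demo with the defaults: prints a fresh password and its estimated strength.
printf '%s  (~%s bits)\n' "$(gen_pass)" "$(strength_bits)"
```

Narrowing PURSE_CHARS (for sites that reject symbols) lowers the bits per character, so compare strength_bits for the new set and raise the length to compensate.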

Note

For privacy, the recipient key ID is not included in metadata (using the GnuPG throw-keyids option).
