mirror of
https://github.com/octoleo/Purse.git
synced 2024-12-29 12:32:39 +00:00
Add configuration options to README
This commit is contained in:
parent
80d501cba8
commit
02b910b326
52
README.md
52
README.md
@ -1,43 +1,35 @@
|
|||||||
# Purse
|
|
||||||
|
|
||||||
Purse is a fork of [drduh/pwd.sh](https://github.com/drduh/pwd.sh).
|
Purse is a fork of [drduh/pwd.sh](https://github.com/drduh/pwd.sh).
|
||||||
|
|
||||||
Both programs are Bash shell scripts which use [GnuPG](https://www.gnupg.org/) to manage passwords and other secrets in encrypted text files. Purse is based on asymmetric (public-key) authentication, while pwd.sh is based on symmetric (password-based) authentication.
|
Both programs are Bash shell scripts which use [GnuPG](https://www.gnupg.org/) to manage passwords and other secrets in encrypted text files. Purse is based on asymmetric (public-key) authentication, while pwd.sh is based on symmetric (password-based) authentication.
|
||||||
|
|
||||||
While both scripts use a trusted crypto implementation (GnuPG) and safely handle passwords (never saving plaintext to disk, only using shell built-ins), Purse eliminates the need to remember a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt a password to clipboard.
|
While both scripts use a trusted crypto implementation (GnuPG) and safely handle passwords (never saving plaintext to disk, only using shell built-ins), Purse eliminates the need to remember a master password - just plug in a YubiKey, enter the PIN, then touch it to decrypt a password to clipboard.
|
||||||
|
|
||||||
# Release notes
|
# Install
|
||||||
|
|
||||||
See [Releases](https://github.com/drduh/Purse/releases)
|
This script requires a GnuPG identity - see [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) to set one up.
|
||||||
|
|
||||||
# Use
|
For the latest version, clone the repository or download the script directly:
|
||||||
|
|
||||||
This script requires a GnuPG identity - see [drduh/YubiKey-Guide](https://github.com/drduh/YubiKey-Guide) to set one up. Multiple identities stored on several YubiKeys are recommended for improved durability and reliability.
|
|
||||||
|
|
||||||
Clone the repository:
|
|
||||||
|
|
||||||
```console
|
```console
|
||||||
git clone https://github.com/drduh/Purse
|
git clone https://github.com/drduh/Purse
|
||||||
```
|
|
||||||
|
|
||||||
Or download the script directly:
|
|
||||||
|
|
||||||
```console
|
|
||||||
wget https://github.com/drduh/Purse/blob/master/purse.sh
|
wget https://github.com/drduh/Purse/blob/master/purse.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Versioned [Releases](https://github.com/drduh/Purse/releases) are also available.
|
||||||
|
|
||||||
|
# Use
|
||||||
|
|
||||||
Run the script interactively using `./purse.sh` or symlink to a directory in `PATH`:
|
Run the script interactively using `./purse.sh` or symlink to a directory in `PATH`:
|
||||||
|
|
||||||
* Type `w` to write a password
|
- `w` to write a password
|
||||||
* Type `r` to read a password
|
- `r` to read a password
|
||||||
* Type `l` to list passwords
|
- `l` to list passwords
|
||||||
* Type `b` to create an archive for backup
|
- `b` to create an archive for backup
|
||||||
* Type `h` to print the help text
|
- `h` to print the help text
|
||||||
|
|
||||||
Options can also be passed on the command line.
|
Options can also be passed on the command line.
|
||||||
|
|
||||||
Example usage:
|
|
||||||
|
|
||||||
Create a 20-character password for `userName`:
|
Create a 20-character password for `userName`:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
@ -50,7 +42,7 @@ Read password for `userName`:
|
|||||||
./purse.sh r userName
|
./purse.sh r userName
|
||||||
```
|
```
|
||||||
|
|
||||||
Passwords are stored with a timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password:
|
Passwords are stored with an epoch timestamp for revision control. The most recent version is copied to clipboard on read. To list all passwords or read a specific version of a password:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
./purse.sh l
|
./purse.sh l
|
||||||
@ -70,8 +62,24 @@ Restore an archive from backup:
|
|||||||
tar xvf purse*tar
|
tar xvf purse*tar
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Configure
|
||||||
|
|
||||||
|
Several customizable options and features are also available, and can be configured with environment variables, for example in the [shell rc](https://github.com/drduh/config/blob/master/zshrc) file:
|
||||||
|
|
||||||
|
Variable | Description | Default | Values
|
||||||
|
-|-|-|-
|
||||||
|
`PURSE_TIME` | seconds to clear password from clipboard/screen | `10` | any valid integer
|
||||||
|
`PURSE_LEN` | default generated password length | `14` | any valid integer
|
||||||
|
`PURSE_COPY` | copy password to clipboard before write | unset (disabled) | `1` or `true` to enable
|
||||||
|
`PURSE_DAILY` | create daily backup archive on write | unset (disabled) | `1` or `true` to enable
|
||||||
|
`PURSE_COMMENT` | **unencrypted** comment to include in index and safe files | unset | any valid string
|
||||||
|
`PURSE_DEST` | password output destination, will set to `screen` without clipboard | `clipboard` | `clipboard` or `screen`
|
||||||
|
`PURSE_SAFE` | safe directory name | `safe` | any valid string
|
||||||
|
`PURSE_INDEX` | index file name | `purse.index` | any valid string
|
||||||
|
`PURSE_BACKUP` | backup archive file name | `purse.$hostname.$today.tar` | any valid string
|
||||||
|
|
||||||
**Note** For additional privacy, the recipient key ID is **not** included in metadata (`throw-keyids` option).
|
**Note** For additional privacy, the recipient key ID is **not** included in metadata (`throw-keyids` option).
|
||||||
|
|
||||||
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, although two touches will be required for two separate decryption operations.
|
The password index file can also be encrypted by changing the `encrypt_index` variable to `true` in the script, although two touches will be required for two separate decryption operations.
|
||||||
|
|
||||||
See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional configuration options.
|
See [config/gpg.conf](https://github.com/drduh/config/blob/master/gpg.conf) for additional GnuPG options.
|
||||||
|
Loading…
Reference in New Issue
Block a user