lunar (1) assword.1.gz

Provided by: impass_0.12.2-1_all bug

NAME

       impass - Simple and secure password management and retrieval system

SYNOPSIS

       impass <command> [<args>...]

DESCRIPTION

       The password database is stored as a single json object, OpenPGP encrypted and signed, and
       written to local disk (see IMPASS_DB). The file is created  upon  addition  of  the  first
       entry. Database entries are keyed by 'context'. During retrieval of passwords the database
       is decrypted and read into memory. Contexts are searched by sub-string match.

       Contexts can be any string. If a context string is not specified on the  command  line  it
       can  be  provided  at  a prompt, which features tab completion for contexts already in the
       database. One may also specify a context of '-' to read the context from stdin, or ':'  to
       force a prompt.

       Passwords are auto-generated by default with 18 bytes of entropy. The number of octets can
       be specified with the IMPASS_PASSWORD environment variable or via  the  'pwspec'  optional
       argument  to  relevant  commands.  The  length  of  the  actually  generated password will
       sometimes be longer than the specified bytes due to base64 encoding. If pwspec is ':'  the
       user will be prompted for the password.

COMMANDS

       add [-h] [context] [pwspec]
              Add  new  entry.  If  the  context  already exists in the database an error will be
              thrown.

       replace [-h] [context] [pwspec]
              Replace password for entry. If the context does not already exist in  the  database
              an error will be thrown.

       update [-h] [old_context] [new_context]
              Update  context  for  existing  entry,  keeping password the same.  Special context
              value of '-' can only be provided to the old context.

       dump [-h] [string]
              Dump password database to stdout as json. If a string is provide only entries whose
              context  contains  the  string  will be dumped. Otherwise all entries are returned.
              Passwords will not be displayed unless IMPASS_DUMP_PASSWORDS is set.

       gui [-h] [string]
              Launch minimal X GUI. Good for X11 window manager integration.  Upon invocation the
              user  will  be  prompted  to  decrypt  the database, after which a graphical search
              prompt will be presented. If an additional string is provided, it will be added  as
              the  initial search string. All matching results for the query will be presented to
              the user. When a result is selected, the password will be  retrieved  according  to
              the  method  specified  by  IMPASS_XPASTE.  If  no match is found, the user has the
              opportunity to generate and store a new  password,  which  is  then  delivered  via
              IMPASS_XPASTE.  Note:  contexts  that  have  leading or trailing whitespace are not
              accessible through the GUI.

       remove [-h] [context]
              Remove entry. If the context does not already exist in the database an  error  will
              be thrown.

       help [-h]
              Full usage or command help (also '-h' after command).

       version [-h]
              Print version.

SIGNATURES

       During  decryption,  OpenPGP signatures on the db file are checked for validity. If any of
       them are found to not be valid, a warning message will be written to stderr.

ENVIRONMENT

       IMPASS_DB
              Path to impass database file. Default: ~/.impass/db

       IMPASS_KEYFILE
              File  containing  OpenPGP  key  ID  of  database  encryption  recipient.   Default:
              ~/.impass/keyid

       IMPASS_KEYID
              OpenPGP  key  ID of database encryption recipient. This overrides IMPASS_KEYFILE if
              set.

       IMPASS_PASSWORD
              See Passwords above.

       IMPASS_DUMP_PASSWORDS
              Include passwords in dump when set.

       IMPASS_XPASTE
              Method for password retrieval. Options are:  'xdo',  which  attempts  to  type  the
              password  into  the  window  that had focus on launch, or 'xclip' which inserts the
              password in the X clipboard. Default: xdo

AUTHOR

       Jameson    Graef    Rollins    <jrollins@finestructure.net>    Daniel     Kahn     Gillmor
       <dkg@fifthhorseman.net>