lately I’ve decided not to use the password manager offered by all major browsers nowadays, but instead try to manage all my passwords using some open source software in order to have a better control over my passwords.
-I’ve decided to write this article after reading this <a rel="noreferrer noopener" href="https://alien.slackbook.org/blog/sync-and-share-your-chromium-and-more-browser-data-among-all-your-computers/" target="_blank">blog entry by AlienBob</a> where he speaks of KeepassXC, and since I’ve used it, I wanted to give a valid alternative to some downsides that I’ve stumbled upon while using it.
+I've decided to write this article after reading this [blog entry by AlienBob](https://alien.slackbook.org/blog/sync-and-share-your-chromium-and-more-browser-data-among-all-your-computers/) where he speaks of KeepassXC, and since I've used it, I wanted to give a valid alternative to some downsides that I've stumbled upon while using it.
-The first approach I’ve attempted, as I said, was using <a rel="noreferrer noopener" href="https://keepassxc.org/" target="_blank">KeepassXC</a>, quoting their website:
+The first approach I've attempted, as I said, was using [KeepassXC](https://keepassxc.org/), quoting their website:
-<blockquote class="wp-block-quote">
- <p>
- KeePassXC – Cross-Platform Password Manager
- </p>
-
- <p>
- Never forget a password again.<br />Securely store passwords using industry standard encryption, quickly auto-type them into desktop applications, and use our browser extension to log into websites.
- </p>
-
- <cite><a rel="noreferrer noopener" style="" href="https://keepassxc.org/" target="_blank">KeepassXC website</a></cite>
-</blockquote>
+> **KeePassXC – Cross-Platform Password Manager**
+>
+> Never forget a password again. Securely store passwords using industry standard encryption, quickly auto-type them into desktop applications, and use our browser extension to log into websites.
+>
+> — [KeepassXC website](https://keepassxc.org/)
What I did was install keepassXC on my Slackware64-current, export all my passwords from my main browser, save them as CSV and import them inside keepassXC. Now I have to remember just one password to access my database and I can install the browser integration add-on for chromium (or firefox) to have all my passwords readily available. Neat!!
-To share my passwords between my devices, I simply made a private git repository on my server and synced the password database with it. I then went and installed <a rel="noreferrer noopener" href="https://github.com/bpellin/keepassdroid" target="_blank">KeePassDroid</a>, which is an Android implementation of keepassXC.
+To share my passwords between my devices, I simply made a private git repository on my server and synced the password database with it. I then went and installed [KeePassDroid](https://github.com/bpellin/keepassdroid), which is an Android implementation of keepassXC.
Since keepassdroid doesn’t sync automatically from a remote server, I had to use git on my phone to pull/push to my remote in order to keep the password database up to date, and even if that’s not a big deal, I wasn’t happy with my password workflow so, while still using this approach, I was looking for alternatives.
## Meet password-store
-I stumbled upon <a rel="noreferrer noopener" href="https://www.passwordstore.org" target="_blank">password-store</a>, which claims to be the standard unix password manager.
+I stumbled upon [password-store](https://www.passwordstore.org), which claims to be the standard unix password manager.
-The way it works is simple yet brilliant in my opinion, each password is kept secure in a gpg encrypted text file inside a known directory structure, the file itself as well as the directory containing it can have whatever naming convention you want, and everything can be manipulated with standard unix tools (cp, mv, rm, etc.). <acronym title="Keep It Simple, Stupid">KISS</acronym> rule, am I right?!
+The way it works is simple yet brilliant in my opinion, each password is kept secure in a gpg encrypted text file inside a known directory structure, the file itself as well as the directory containing it can have whatever naming convention you want, and everything can be manipulated with standard unix tools (cp, mv, rm, etc.). {{< acronym title="Keep It Simple, Stupid" >}}KISS{{< /acronym >}} rule, am I right?!
-Here’s how it looks like, standard tree view from the shell:
+Here's how it looks like, standard tree view from the shell:
-<pre class="wp-block-code language-bash"><code>.password-store/
-[...]
+```bash
+.password-store/
+[...]
├── facebook/
-│ └── facebook-username
+│ └── facebook-username
├── twitter/
-│ └── twitter-username
+│ └── twitter-username
├── www.instagram.com/
-│ └── instagram-username
-[...]</code></pre>
+│ └── instagram-username
+[...]
+```
-In this example, facebook is a directory, containing a gpg encrypted text file named “facebook-username”, in that file is written my password for that user on facebook, pretty straightforward.
+In this example, facebook is a directory, containing a gpg encrypted text file named "facebook-username", in that file is written my password for that user on facebook, pretty straightforward.
-The beauty of the pass program, is that it also includes git subcommands, so you can use it to sync your password database to a remote. Here’s how it works:
+The beauty of the pass program, is that it also includes git subcommands, so you can use it to sync your password database to a remote. Here's how it works:
-The first thing you want to do is create a remote repository on your git server, there’s a million ways to do so, and it depends on your git provider. If you want to host a git server I have an howto on this site, <a href="https://danix.xyz/2018/07/git-setup-own-server/" data-type="post" data-id="3748">give it a look</a>.
+The first thing you want to do is create a remote repository on your git server, there's a million ways to do so, and it depends on your git provider. If you want to host a git server I have an howto on this site, [give it a look](https://danix.xyz/2018/07/git-setup-own-server/).
-After creating the remote repository, you want to clone it in `~/.password-store`, the default directory where pass will store all your credentials, and to do so you’ll do:
+After creating the remote repository, you want to clone it in `~/.password-store`, the default directory where pass will store all your credentials, and to do so you'll do:
-<pre class="wp-block-code language-bash"><code>git clone myserver.com:git-repository ~/.password-store</code></pre>
+```bash
+git clone myserver.com:git-repository ~/.password-store
+```
-Assuming you already have a gpg key pair for johndoe@youremailaddress.com, you’ll have to initialize the password repository like this:
+Assuming you already have a gpg key pair for johndoe@youremailaddress.com, you'll have to initialize the password repository like this:
-<pre class="wp-block-code language-bash"><code>pass init johndoe@youremailaddress.com</code></pre>
+```bash
+pass init johndoe@youremailaddress.com
+```
Now pass will use the gpg key pair for that email address when encrypting and decrypting your passwords. Since it also understands when the directory is a local clone of a git repository, after initializing with the previous command, it created a commit ready to be pushed, so all you have to do is
-<pre class="wp-block-code language-bash"><code>cd ~/.password-store && git push
+```bash
+cd ~/.password-store && git push
# or you can use pass internal git capabilities with:
-pass git push</code></pre>
+pass git push
+```
and your password database will be synced.
From there you can simply invoke pass to see all your passwords, you can search your database, add or remove passwords, modify them etc. For more info you can check the manual where you also have advanced examples on how to use git with pass.
-On my android phone I’ve installed the mobile version of <a rel="noreferrer noopener" href="https://play.google.com/store/apps/details?id=dev.msfjarvis.aps" target="_blank">Password Store</a>, I’ve setup my ssh key in order to be able to pull/push from my git remote, and now I have all my passwords syncronized to my mobile as well.
+On my android phone I've installed the mobile version of [Password Store](https://play.google.com/store/apps/details?id=dev.msfjarvis.aps), I've setup my ssh key in order to be able to pull/push from my git remote, and now I have all my passwords syncronized to my mobile as well.
## On the phone
The process for installing password-store on the phone is a bit tricky, but nothing really difficult. The two apps we need are:
- * <a href="https://play.google.com/store/apps/details?id=dev.msfjarvis.aps" target="_blank" rel="noreferrer noopener">Password-store</a>
- * <a href="https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain" target="_blank" rel="noreferrer noopener">OpenKeyChain</a>
+ * [Password-store](https://play.google.com/store/apps/details?id=dev.msfjarvis.aps)
+ * [OpenKeyChain](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain)
-After installing both those apps, we’ll need to go on our computer and export our public and private gpg keys in order to import them inside OpenKeyChain, to do so we’ll go in the terminal and type away:
+After installing both those apps, we'll need to go on our computer and export our public and private gpg keys in order to import them inside OpenKeyChain, to do so we'll go in the terminal and type away:
-<pre class="wp-block-code language-bash"><code>gpg --export-secret-keys --armor johndoe@youremailaddress.com > private.asc
-gpg --export --armor johndoe@youremailaddress.com > public.asc</code></pre>
+```bash
+gpg --export-secret-keys --armor johndoe@youremailaddress.com > private.asc
+gpg --export --armor johndoe@youremailaddress.com > public.asc
+```
-now we have both our private and public key stored in a file, which we can transfer to the phone and import inside OpenKeyChain. I’ve imported the private key first and then the public one, and while importing the latter, OpenKeyChain confirmed that the key was updated, so both are essentially on the same keypair.
+now we have both our private and public key stored in a file, which we can transfer to the phone and import inside OpenKeyChain. I've imported the private key first and then the public one, and while importing the latter, OpenKeyChain confirmed that the key was updated, so both are essentially on the same keypair.
-One important note regarding git, depending on how your git repository is setup, you might be needed to import your ssh key inside password-store on your phone in order to access the repository, that’s really easy as the app will ask for your git configuration the first time you open it.
+One important note regarding git, depending on how your git repository is setup, you might be needed to import your ssh key inside password-store on your phone in order to access the repository, that's really easy as the app will ask for your git configuration the first time you open it.
-Once you’ve setup your git access, it will ask you to allow OpenKeyChain to manage your gpg key pair whenever you use password-store, and that’s it! You have now your passwords securely stored through GnuPG and synced between your devices with git.
+Once you've setup your git access, it will ask you to allow OpenKeyChain to manage your gpg key pair whenever you use password-store, and that's it! You have now your passwords securely stored through GnuPG and synced between your devices with git.
## Bonus note
-password-store is a command line program that you can access via it’s command `pass`, but there are also graphical interfaces to access it.
+password-store is a command line program that you can access via its command `pass`, but there are also graphical interfaces to access it.
-One of them is <a rel="noreferrer noopener" href="https://qtpass.org/" target="_blank">qtpass</a>, you should find it in most distros, on Slackware I found it on <a rel="noreferrer noopener" href="https://slackbuilds.org/repository/14.2/desktop/qtpass/?search=qtpass" target="_blank">SBo</a> and compiled it without any problems. It performs very well, allows you to manipulate your password repository from a graphical interface, performs push/pull operations on git and makes it easier to create complex passwords whenever you need. Just a headsup, if you install this setup on raspbian, remember to install one of the pinentry programs to be able to insert your passkey when you are not in the terminal.
+One of them is [qtpass](https://qtpass.org/), you should find it in most distros, on Slackware I found it on [SBo](https://slackbuilds.org/repository/14.2/desktop/qtpass/?search=qtpass) and compiled it without any problems. It performs very well, allows you to manipulate your password repository from a graphical interface, performs push/pull operations on git and makes it easier to create complex passwords whenever you need. Just a headsup, if you install this setup on raspbian, remember to install one of the pinentry programs to be able to insert your passkey when you are not in the terminal.
-I hope you’ll find this article useful, remember to drop me a [comment][1] if you need any help and I’ll be happy to help you as best as I can.
+I hope you'll find this article useful, remember to drop me a [comment][1] if you need any help and I'll be happy to help you as best as I can.
Cheers!!
