Xaprb

Stay curious!

Vim, the ultimate command-line password manager

with 11 comments

Thanks to a comment on a recent blog post where I lamented the lack of an easy-to-use password manager, I’ve switched from Revelation to… Vim.

I already use Vim for my note-keeping system. I simply add a modeline to the top of the file,

# vim: set ic hlsearch:

This makes searches case-insensitive, so I can just open the file and start typing a search, and it highlights it and moves to the first match as I type. It’s a great way to find something in a file. I have used this simple technique for many years to build a topical index over thousands of interesting email threads, code snippets, posts from bloggers, and customer issues. To use a buzzword, it scales as large as I need it to, and I can quickly find just about anything on any topic I’ve cared about in the past.

The remaining question is how to encrypt the file full of passwords. That’s what Sergio showed me in his comment. There’s a GPG plugin for Vim that detects that I’m opening a GPG-encrypted file and decrypts the buffer for me. This makes it incredibly easy to open, search, edit, and save the file. Much easier than Revelation. I found that the plugin didn’t properly encrypt the file (or I’m doing something wrong), so I first created the file as plain-text and manually encrypted it with GPG, and subsequently the plugin seems to work great.

I still might follow up on Sergio’s suggestions for building something on top of this. I’d really like integration with the desktop: press a key, start typing and seeing matches auto-complete, press TAB when I have the one I want, and copy the password. Maybe I will actually do this. Or maybe a hot-key to simply open Vim with the password file in a terminal is all I need.

Written by Xaprb

June 11th, 2011 at 8:44 am

Posted in Desktop

Tagged with

«
»

11 Responses to 'Vim, the ultimate command-line password manager'

Subscribe to comments with RSS

  1. Great! That is what I was looking for since years. Will try that with my co-worker. Integration with the desktop would be perfect. Maybe I can find some time next week to play with it. Thanks for posting!

    SW

    11 Jun 11 at 9:45 am

  2. Great writeup; the seamless encryption management makes it all the more convincing. The one thing that is still missing is an automatic password generator — this is a major benefit of something like Password Safe. But I imagine it should not be too hard to automate a solution on top of the vim approach you’ve proposed. Any ideas?

    KV

    11 Jun 11 at 1:14 pm

  3. It’s easy to shell out a command to inject a password from a utility, such as “.!pwgen -cn 10″. But I usually do something more like the following: I’ll think of a few syllables and some numbers, such as “ber som lab ink 82″ and combine them. (I chose those syllables from the preceding sentence.) If you know that I generate passwords this way, it isn’t as hard to crack as a random string of characters and numbers, but it’s pronounceable and memorizeable, and that gives it some strong advantages. The #1 security attack vector is the sticky note on the side of the monitor because your password is impossible to memorize :)

    Xaprb

    11 Jun 11 at 3:34 pm

  4. Nice write up. If you are using I think vim 7.3 you can just run vim -x and get built in encryption without the need to setup gpg.

    That being said historically vim used very weak encryption that could be broken when using -x. In 7.3 they changed it over to blowfish, as far as I know it isn’t easily bypassed now.

    gregf

    12 Jun 11 at 8:55 am

  5. The 7.x series of Vim has blowfish to use for its own encryption. That is what I use. I use it along with vimwiki to keep track of just about everything.

    Robert

    12 Jun 11 at 1:14 pm

  6. I wasn’t aware that Vim had built-in encryption. Thanks for pointing this out! I also need to check out vimwiki.

    Xaprb

    12 Jun 11 at 1:16 pm

  7. I also make use of the GPG plugin for Vim. But I store each password in a separate file and have gpg-agent running so that I only need to enter the password every x minutes (or after locking the screen).

    Paul Tötterman

    12 Jun 11 at 5:13 pm

  8. for the extension, i would recommend looking into something like dmenu for the interface. It’s pretty intuitive, nicely scriptable, and overall pretty sweet. :)

    mic

    12 Jun 11 at 7:10 pm

  9. Can’t beat the simplicity of vim (or emacs) for editing/maintaining your secrets. Point-and-click interfaces tend to feel pretty clunky (though they have their benefits)

    Coincidentally, I just finished the first pass on my cipherstore querier/clipboard-paster which supports using GnuPG and gnupg.vim to do the heavy lifting:

    https://github.com/robertkrimen/App-locket

    Robert

    24 Jun 11 at 1:57 pm

  10. Does emacs have a plugin or other method to transparently decrypt and recrypt the file?

    Xaprb

    24 Jun 11 at 2:28 pm

  11. I’d be surprised if emacs *didn’t* have transparent encryption

    I don’t have first-hand experience with emacs, but there’s a lot of information on their wiki:

    http://www.emacswiki.org/emacs/AutoEncryption

    Robert

    24 Jun 11 at 3:58 pm

Leave a Reply