August 2021

Vim as a Password Manager

For the past eight years, I’ve kept all my passwords in a single encrypted file. The benefit is that I can generate secure passwords without having to remember them using my meat neurons.

All passwords are stored in ~/.passwords. It looks like this:

    # Twitter
    stakodiak
    mypassword1

    # Co-op Bank
    example@email.com
    very_secure_password_1

    # AT&T
    example@email.com
    my_awesome_password
    PIN: 11235

    # IRS
    email@example.com
    passwords_rule
    address: 1600 Penn. Ave
    ...

Generating passwords

Every website has its own idiosyncratic rules on password requirements, so there’s no one-size-fits-all generation method. Using openssl, I can typically meet the more onerous requirements:

    $ openssl rand -base64 24
    e0wqUUf+8RK+yf31WZ9r1F23yodJI+cO

How to access passwords

I use a simple shell alias to access the file:

alias pm='vim -c "set viminfo= nobackup nowritebackup noundofile noswapfile" ~/.passwords'

Then I just type pm wherever I am in my terminal to access my passwords.

Encrypting the file

A few notes. When I created the file, I encrypted it using Vim’s :X command. This way, as opposed to passing the -x CLI argument, I am only prompted for my password once each time I access the file. This means I could potentially wipe my data if I were to misenter my password and then save the garbled data. Second, I added set viminfo= nobackup ... in the alias to avoid storing my passwords in Vim’s plaintext swap and backup files. Third, I used the blowfish2 encryption method by executing set cm=blowfish2 in Vim when I created the file.

Backing up my data

Since my passwords are stored in one file, I can easily keep it synced with a remote source.

I sync this file to an S3 bucket (and periodically to an offline hard drive) to make sure my data is safe in case of a hardware catastrophe.
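
A pre-sync check for the file described under "Encrypting the file" and "Backing up my data", as an added example that is not part of the original post or its GitHub code: it reads the VimCrypt magic header that Vim writes at the start of an encrypted file and refuses to proceed unless the method is blowfish2 and no swap, backup or undo files sit beside it. The function names and return codes are hypothetical, and the side-file names assume Vim's default naming in the file's own directory.

```sh
#!/bin/sh
# Added example (hypothetical helper names): gate a backup on the file's state.
# Return codes: 0 ok, 1 unreadable, 2 not blowfish2, 3 Vim side files present.

vimcrypt_method() {
    # Vim starts an encrypted file with a 12-byte magic naming the cryptmethod.
    magic=$(head -c 12 "$1" 2>/dev/null | tr -d '\0')
    case "$magic" in
        'VimCrypt~01!') echo zip ;;
        'VimCrypt~02!') echo blowfish ;;
        'VimCrypt~03!') echo blowfish2 ;;
        VimCrypt~*)     echo other ;;
        *)              echo none ;;   # plaintext or not a Vim-encrypted file
    esac
}

stray_files() {
    # Assumption: default side-file naming next to the edited file.
    dir=$(dirname "$1"); base=$(basename "$1")
    for f in "$dir/$base.swp" "$dir/.$base.swp" "$dir/$base~" \
             "$dir/.$base.un~" "$dir/$base.un~"; do
        if [ -e "$f" ]; then echo "$f"; fi
    done
}

check_password_file() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 1
    fi
    method=$(vimcrypt_method "$1")
    if [ "$method" != blowfish2 ]; then
        echo "refusing: cryptmethod is '$method', expected blowfish2" >&2
        return 2
    fi
    strays=$(stray_files "$1")
    if [ -n "$strays" ]; then
        echo "refusing: Vim side files found:" >&2
        echo "$strays" >&2
        return 3
    fi
    return 0
}
```

Run check_password_file ~/.passwords before the upload step and skip the sync on any non-zero return.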


Et voilà. An easy and secure password manager.

All code is on GitHub.

Questions? Good pizza recipe? Email me at alexander@computer.org.