passlane
| Crates.io | passlane |
| lib.rs | passlane |
| version | 2.5.1 |
| source | src |
| created_at | 2022-06-01 07:11:44.274011 |
| updated_at | 2024-10-24 12:46:45.234935 |
| description | A password manager and authenticator for the command line |
| homepage | https://github.com/anssip/passlane |
| repository | https://github.com/anssip/passlane |
| max_upload_size | |
| id | 597976 |
| size | 256,926 |
Anssi Piirainen (anssip)
documentation
README
Passlane
A password manager and authenticator CLI using Keepass as the storage backend. In addition to passwords, it supports authenticator functionality with Timed One Time Passwords (TOTP), secure saving and managing of payment cards and secure notes.
Passlane uses the Keepass encrypted file format for storing the data.
Passlane is written in Rust.
Features
- Keepass storage format which allows you to use the vault with other Keepass compatible applications
- Supports KDB, KDBX3 and KDBX4 file formats
- The keepass storage file can be optionally secured using a key file to provide additional protection
- Generate and save passwords
- Save and view payment card information
- Save and view secure notes
- Authenticator functionality with TOTP
- Import passwords from CSV files
- Export vault contents to CSV files
Table of contents
Installation
- Download the latest release
- Unpack the archive
- Place the unarchived binary
passlaneto your $PATH
To compile from sources
- Install rust development environment: rustup
- Clone this repo
- Run build:
cargo build --release - Add the built
passlanebinary to your$PATH
Nix
Run with nix - following creates a new password:
nix run github:anssip/passlane
See below for more information on how to use the CLI.
Usage
First time setup
Run the init command to create a new vault file, or to link passlane to an existing Keepass compatible vault file. The command will interactively ask you for the required information.
passlane init
You place the vault file to the cloud allowing access from all your devices. See below for more info.
Keypass key file
In addition to the master password, you can use a key file to provide additional protection for the vault file. At this
time, Passlane cannot be used to create a key file, but you can create one with KeepassXC or other Keepass compatible
app. Once you have the file, configure the location of this file in the .keyfile_path file in the ~/.passlane/ directory.
Locking and unlocking the vault
Use the unlock command to store the master password in your computer's keychain. This way you don't have to enter the master password every time you access your passwords and other vault contents. On Macs you can then use biometric authentication to gain access to the keychain and further to the vault without typing any passwords.
passlane unlock
You can later remove the master password from the keychain with the lock command.
The one time passwords (OTPs) are stored in a separate vault file. You can unlock it with the same command accompanied with the -o option.
passlane unlock -o
To lock the vaults use the lock command. This locks both the password vault and the OTP vault:
passlane lock
To get help on the available commands:
➜ passlane -h
A password manager using Keepass as the storage backend.
Usage: passlane [COMMAND]
Commands:
init Initialize passlane. Walks you through the configuration process.
add Adds an item to the vault. Without arguments adds a new credential, use -p to add a payment card and -n to add a secure note.
edit Edit an entry.
csv Imports credentials from a CSV file.
delete Deletes one or more entries.
show Shows one or more entries.
lock Lock the vaults to prevent all access
unlock Opens the vaults and grants access to the entries
export Exports the vault contents to a CSV file.
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help
Generating and saving passwords
To generate a new password without saving it. The generated password value is also copied to the clipboard.
passlane
To save new credentials by copying the password from clipboard:
passlane add --clipboard
To generate a new password and save credentials with one command:
passlane add -g
Using saved credentials
You can search and show saved credentials with regular expressions
passlane show <regexp>
Run passlane show foobard.com --> shows foobar.com's password and also copies the value to the clipboard.
If the search finds more than one matches:
➜ bin passlane show google
Unlocking vault...
Found 6 credentials:
+---+--------------------------------+--------------------------------+------------------+
| | Service | Username/email | Modified |
+========================================================================================+
| 0 | google.com | anssi@emmy.fi | 23.10.2024 07:22 |
|---+--------------------------------+--------------------------------+------------------|
| 1 | https://accounts.google.com/si | anssi@amm.co.jp | 23.04.2024 14:15 |
|---+--------------------------------+--------------------------------+------------------|
| 2 | google.com | anssi.piirainen@flowplayer.com | 23.04.2024 14:15 |
|---+--------------------------------+--------------------------------+------------------|
| 3 | google.com | anssip | 23.04.2024 14:15 |
|---+--------------------------------+--------------------------------+------------------|
| 4 | google.com | anssi@carbon.video | 23.04.2024 14:15 |
+---+--------------------------------+--------------------------------+------------------+
? To copy one of these passwords to clipboard, please enter a row number from the table above
[Press q to exit without copying the password]
Payment cards
To list all your saved payment cards.
➜ bin passlane show -p
Unlocking vault...
Found 3 payment cards:
+---+-------------------------+-------+--------+------------------+
| | Name | Color | Expiry | Modified |
+=================================================================+
| 0 | OP Corporate Gold (NPD) | Gold | 1/2029 | 23.10.2024 13:15 |
|---+-------------------------+-------+--------+------------------|
| 1 | Binance | black | 4/2010 | 23.10.2024 13:15 |
|---+-------------------------+-------+--------+------------------|
| 2 | Visa Gold (personal) | Gold | 6/2025 | 23.10.2024 13:15 |
+---+-------------------------+-------+--------+------------------+
? To see card details, enter a row number from the table above
[Press q to exit without showing]
To save a payment card:
passlane add -p
You can delete a note with the delete command and the -n option.
Secure notes
You can also save and manage secure notes in Passlane. The contents of notes, the title and the note text itself, are all fully encrypted and only visible to you.
You can store multiline notes in the vault. To add a secure note:
passlane add -n
To delete secure notes:
passlane delete -n
To show secure notes:
passlane show -n
Authenticator functionality
By default, Passlane stores the Timed One Time Passwords in a file named totp.json in the ~/.passlane/ directory.
You can change the location by storing the file path in a text file called .totp_vault_path in the ~/.passlane/ directory.
We recommend that you store the file in a separate location that is different from the main vault file. This way
you gain the benefit of two-factor authentication. You don't want to store these eggs in the same basket.
Here is an example where teh totp vault file is stored in Dropbox:
~/.passlane > cat .totp_vault_path
/Users/anssi/Dropbox/stuff/totp.kdbx
The TOTP vault has a separate master password that you need to enter when you access the one time passwords.
You can also store the master password in your computer's keychain to avoid typing it every time. Use
the unlock command with the -o option for this purpose.
passlane unlock -o
To add a new one time password authentication entry:
passlane add -o
Use -o to show the one time passwords. Following lists all OTP entries in the vault:
passlane show -o
To look up by name of the issuer, use the following command:
passlane show -o heroku
the output will be:
Unlocking TOTP vault...
Found 1 matching OTP authorizers:
Code 447091 (also copied to clipboard). Press q to exit.
Next code in 23 seconds
.......................
.......................
Code 942344 (also copied to clipboard). Press q to exit.
Next code in 30 seconds
..............................
...
Import from CSV
You can import credentials from a CSV file. With this approach, you can easily migrate from less elegant and often expensive commercial services.
First, make sure that the CSV file has a header line (1st line) with the following column titles:
- username
- password
- service
The service field is the URL or name of the service. When importing from Dashlane, the only necessary preparation is to rename url to service.
To export the credentials to a CSV file and import the file into Passlane:
passlane csv <path_to_csv_file>
Here are links to instructions for doing the CSV export:
Export to CSV
You can export all your vault contents to CSV files. The exported files can be imported to other password managers or to a spreadsheet program.
To export credentials to a file called creds.csv
passlane export creds.csv
To export payment cards to a file called cards.csv.
passlane export -p cards.csv
To export secure notes to a file called notes.csv
passlane export -n notes.csv
Syncing data to your devices
You can place the vault file to a cloud storage service like Dropbox, Google Drive, or iCloud Drive.
This way you can access your passwords from all your devices.
By default, Passlane assumes that the file is located at ~/.passlane/store.kdbx.
You can change the location by storing the file path in a text file called .vault_path at the ~/.passlane/ directory.
For example, this shows how John has stored the path /Users/john/Dropbox/Stuff/store.kdbx to the .vault_path file:
➜ ~ cat ~/.passlane/.vault_path
/Users/john/Dropbox/Stuff/store.kdbx
Other Keepass compatible applications
There are several other Keepass compatible applications that you can use to access the vault file:
- KeepassXC is a desktop application for Windows, macOS, and Linux
- KeepassXC-Browser
- KeePassium is a mobile application for iOS
- ... and many others