[REQ-cli] partof = "REQ-purpose" text = ''' The command line interface of NoVault is the main way that a typical user interacts with it. The workflow shall be: - `novault init`: initialize the security settings, like master password, randomly generated secret, "security level" (i.e. time/memory it takes to compute one password), etc. - `novault set `: the user adds a site and a minimal set of configurations. - `novault get `: the user requests to the use the password for a site. They must type their master password in, and the password will be typed for them after some signal is sent. The user shall only have to remember their master password and keep their "secret" file in a relatively safe place in order to use NoVault for retrieving ANY password. See [[REQ-security-user]]. NoVault, being a command line only application, is primarily designed for developers to use. It is not intended for laymen, as that makes the application far more complex. See [[SPC-embedded]] for how NoVault can be embedded as a security kernel in more complex GUI applications. ''' [SPC-cli] text = ''' The command line interface shall have the following flags for controlling configuration: - `-s --sites`: location of the "sites" file - `-l --lock`: location of the "lock" file preventing multiple instance from running. - `-c --secret`: location of the "secret" file, used for storing settings, checkhash and secret 256 byte key. The following flags shall exist to fulfill [[SPC-embedded]]: - `--stdin`: accept master password over stdin - `--stdout`: print site password to stdout The following sub commands shall exist to fulfill [[REQ-cli]]: - `novault init`: initialize the secret file user-defined settings, user input master password and a randomly generated secret. It has flags for setting user defined security level. - `novault set`: add/modify a site to the public `novault.sites` file. It has the following flags: - `name`: the name of the site, must be unique (or `--overwrite` passed). - `--overwrite`: stores even if `name` already exists. Useful for updating `--rev`. - `--rev`: revision number of password, needed for sites that require you to update your password as a "security-measure". `--rev` is not changed on `--overwrite` if it is not specified. - `--fmt`: fmt fulfils in a single command what other password managers require a large number of often complicated flags to fulfill. It uses full rust/python formatting syntax to modify the password in any way the user sees fit including restricting length and injecting characters. - `--pin`: converts output to stringified u64 instead of base64url - `--notes`: extra non-secure notes about the site. Not changed on `--overwrite` if not specified. - `novault get`: get a site's password, writing it via keyboard when any data has been written to `novault.lock` In addition, the following subcommands are provided for convenience: - `novault help`: get help on using NoVault - `novault list`: list available sites. - `novault InSeCuRe`: insecure subcommands. The name is intentionally made difficult and weird to type to prevent accidentally calling it. - `--export`: export current passwords to stdout. This is very important when the master password has been compromised so the user has a reference while they are changing passwords. '''