grahamking / kip
Command line script to keep usernames/passwords in gnupg encrypted text files.
License: GNU General Public License v3.0
There is one import (from kip import __version__) that prevents me from just downloading a single file and running it as a stand-alone script. It'd be a nice feature to have.
Use case: Is my google account under google.com or gmail.com? I can't remember and want to search...
I realize this is an ls or find away, but it'd be nice to have it accessible from kip.
~/.kip ᐅ kip edit nonexistent-secret --notes "hi"
Traceback (most recent call last):
  File "/usr/local/share/python/kip", line 9, in <module>
    load_entry_point('kip==0.3.0', 'console_scripts', 'kip')()
  File "/Users/brian/code/kip/kip/cli.py", line 104, in main
    retcode = CMDS[args.cmd](args)
  File "/Users/brian/code/kip/kip/cli.py", line 156, in cmd_edit
    print('File not found: {}'.format(filename))
UnboundLocalError: local variable 'filename' referenced before assignment
I think that the encrypted password file will benefit from being structured; at the moment we are only storing 3 arbitrary fields:
I would prefer if these fields were configurable and if I could add more on some special account: answer to the mysterious question, digicode for a door, ...
I think this could easily be done if the encrypted files were structured. There are few file formats that are both human readable and easily parsed in Python:
Python has a parser included for both of them in stdlib.
At the moment to edit your username or notes you use gpg, decrypt the file, edit it, encrypt it again. That's fine, but it would be quite nice to do something like: kip <sitename> --amend <username> <notes>
On many sites you don't know if your username is available, or valid, until after you've entered a password.
When running ./kip add something the gpg command might fail (invalid keys, or whatever). If it does, kip creates an empty file, tries to decrypt it (which obviously fails), and returns a stack trace.
Ideally, if the GPG command fails (or returns an empty string), the file would never be created and an error message will be shown. Another option is that, if decryption fails, the file is considered corrupt and deleted.
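One way to get the behaviour requested above, as an added example that is not kip's own code: run the encryption command first, and create the entry file (via a temp file and an atomic rename) only when the command exits 0 and returns ciphertext. The names `encrypt_to_file` and `EncryptError`, and the stand-in command in the demo, are assumptions for illustration.

```python
import os
import subprocess
import sys
import tempfile


class EncryptError(Exception):
    """The encryption command failed or produced no ciphertext."""


def encrypt_to_file(plaintext, dest, cmd):
    """Pipe plaintext through cmd; create dest only if ciphertext came back.

    cmd is an argv list. For gpg that would be something like
    ["gpg", "--encrypt", "--armor", "--recipient", KEY_ID] (KEY_ID is a placeholder).
    """
    proc = subprocess.run(cmd, input=plaintext.encode("utf-8"),
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    if proc.returncode != 0:
        err = proc.stderr.decode("utf-8", "replace").strip()
        raise EncryptError("encryption failed (exit {}): {}".format(proc.returncode, err))
    if not proc.stdout.strip():
        raise EncryptError("encryption produced no output")

    # Temp file in the destination directory (mode 0600 from mkstemp), then an
    # atomic rename: dest either holds complete ciphertext or does not exist.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".", prefix=".kip-tmp-")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(proc.stdout)
        os.replace(tmp, dest)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return dest


if __name__ == "__main__":
    # Constructed demo: a stand-in command that fails, so no gpg keyring is needed.
    failing = [sys.executable, "-c", "import sys; sys.exit(2)"]
    target = os.path.join(tempfile.mkdtemp(), "something")
    try:
        encrypt_to_file("user\nsecret\n", target, failing)
    except EncryptError as exc:
        print("error:", exc, "| file created:", os.path.exists(target))
```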
If you create an entry and then later use a filepart (partial name) to refer to it, the filename gets changed to the filepart:
$ kip add somesite.com
$ kip list
Listing /Users/brian/.kip/passwords/*:
somesite.com
$ kip edit somesite --notes "hello"
$ kip list
Listing /Users/brian/.kip/passwords/*:
somesite
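A sketch of name resolution that avoids both the rename shown above and the UnboundLocalError from the earlier traceback, added here as an example and not taken from kip: the partial name is resolved once to the stored file's full path, and every later read or write uses that path. `resolve_entry` and `EntryLookupError` are hypothetical names; the file names in the demo are constructed.

```python
import glob
import os
import tempfile


class EntryLookupError(Exception):
    """A partial name matched no stored entry, or more than one."""


def resolve_entry(filepart, pw_dir):
    """Return the full path of the single entry in pw_dir that filepart names."""
    # Reject path separators and dot names so a lookup cannot leave pw_dir.
    if filepart in ("", ".", "..") or os.path.basename(filepart) != filepart:
        raise EntryLookupError("Invalid entry name: {!r}".format(filepart))

    exact = os.path.join(pw_dir, filepart)
    if os.path.isfile(exact):
        return exact  # a full name always wins over substring matches

    # glob.escape keeps characters such as '[' or '*' in names literal.
    pattern = os.path.join(glob.escape(pw_dir), "*" + glob.escape(filepart) + "*")
    matches = sorted(p for p in glob.glob(pattern) if os.path.isfile(p))
    if not matches:
        raise EntryLookupError("File not found: {}".format(filepart))
    if len(matches) > 1:
        names = ", ".join(os.path.basename(m) for m in matches)
        raise EntryLookupError("Ambiguous name {!r}: {}".format(filepart, names))
    # Callers write back to this path, so the stored filename never changes.
    return matches[0]


if __name__ == "__main__":
    # Constructed demo directory standing in for ~/.kip/passwords/.
    pw_dir = tempfile.mkdtemp()
    for name in ("somesite.com", "othersite.org"):
        open(os.path.join(pw_dir, name), "w").close()
    print(os.path.basename(resolve_entry("somesite", pw_dir)))
    for bad in ("nonexistent-secret", "site", "../somesite.com"):
        try:
            resolve_entry(bad, pw_dir)
        except EntryLookupError as exc:
            print("error:", exc)
```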
Would be nice if when sshed to a machine, kip could put the password on my local clipboard. Google search gives us:
http://stackoverflow.com/questions/1152362/getting-items-on-the-local-clipboard-from-a-remote-ssh-session
http://unix.stackexchange.com/questions/16694/copy-input-to-clipboard-over-ssh
Creating this ticket to track the idea, report on experiments.
I would like to address the "wife's laptop" problem: I'm not at my computer, I'm at my wife's laptop, or at a library computer, or on a friend's iPad, and I need my password.
This only works if I can get to the USB port of the machine. At my library the computer might be locked down. My iPad does not have a USB port.
I think using HTTP / a browser is the simplest and most widely available interface.
We should definitely use SSL, although we can probably leave that for external tools, such as stunnel (or any SSL and proxy capable web server).
We could decrypt everything server-side before you go travelling, and re-encrypt it with a "disposable" symmetric cipher, which also has a JS implementation, such as AES.
We add a kip server command which waits for a glob as the url path, and sends you the AES encrypted file, along with some JS. On the client the JS asks you for the passphrase and decrypts the file.
We can also use HTTP basic-auth to discourage people more.
Once you get back home you stop the kip server and delete the symmetric files. You're only at risk during your travels.
I would probably forget to do this before I leave, so setup must be simple enough that I can talk a friend through it on the phone ("Turn on my computer and type ssh remote_machine, now type kip server, ok enter this as the passphrase, that's it thanks!")
I think using SSL will protect us from network caches, and doing decryption in JS will protect us from the browser's cache.
This requires you to have an Internet visible server you can run stuff on.
What if there is a key logger on the machine I'm using?
Once we have a basic plan I can ask for feedback on a crypto forum.
@yml, @sethtrain, @WRB What do you think?
I might want to have one config file which encrypts to myself (the normal case), and another that encrypts to all my colleagues. There should be a command line switch to override the default config file.
Auto-complete from contents of ~/.kip/passwords/
Need better handling - output help text
Kip displays a good error description, but there is no need to also write out the whole Python traceback. As a user it wouldn't help me, just more confusing.
Just do this if I add --verbose or so.
martin ~/Dropbox/Lincoln Loop devs/secrets $ ./kip get vimeo.com
gpg: Entschlüsselung fehlgeschlagen: Geheimer Schlüssel ist nicht vorhanden
Traceback (most recent call last):
  File "./kip", line 519, in <module>
    sys.exit(main())
  File "./kip", line 107, in main
    retcode = CMDS[args.cmd](args)
  File "./kip", line 114, in cmd_get
    return show(args.filepart, args.is_print)
  File "./kip", line 310, in show
    username, password, notes = extract(filename)
  File "./kip", line 354, in extract
    username = parts[1]
IndexError: list index out of range
echo "password" | kip mysite.com user will leave the password in plain text in the user's shell history. There must be a better way to do it.