/webpass

A web interface for pass, a UNIX password manager

Primary LanguageGoMIT LicenseMIT

webpass

A web interface for pass, a UNIX password manager.

Usage

go get -u github.com/emersion/webpass/...

cd $GOPATH/src/github.com/emersion/webpass
npm install
gpg --export-secret-keys > private-key.gpg

webpass

Go to http://localhost:8080. You'll be first asked for your login password. Once logged in, a list of your passwords is displayed. When you click on an item, your PGP key password will be prompted and the password will be displayed.

You can now setup an HTTPS reverse proxy to webpass.

You can also choose not to store your encrypted PGP private key on the server, in this case you'll have to carry it with you e.g. on a USB stick.

Configuration

Create config.json:

{
	"auth": {
		"type": "git",
		"url": "git@git.example.org:user/pass-store.git",
		"privatekey": "/home/user/.ssh/id_rsa"
	},
	"pgp": {
		"privatekey": "private-key.gpg"
	}
}
  • auth: configures authentication. auth.type must be one of:
    • none: no authentication. You should configure HTTP authentication with a reverse proxy for instance.
    • pam: uses the current user's account.
    • git: uses a remote Git repository, which is cloned in memory when logging in. The repository's URL must be specified with auth.url, and a SSH private key can be specified with auth.privatekey.
  • pgp: configures OpenPGP
    • pgp.privatekey: path to your OpenPGP private key. If not specified, your private key will be requested when decrypting a password.

Security

Once logged in, the encrypted PGP key and the encrypted passwords will be served by the API.

The PGP key password won't be sent to the server, since the passwords are decrypted client-side.

License

MIT