A web interface for pass, a UNIX password manager.
go get -u github.com/emersion/webpass/...
cd $GOPATH/src/github.com/emersion/webpass
npm install
gpg --export-secret-keys > private-key.gpg
webpass
Go to http://localhost:8080. You'll be first asked for your login password. Once logged in, a list of your passwords is displayed. When you click on an item, your PGP key password will be prompted and the password will be displayed.
You can now setup an HTTPS reverse proxy to webpass.
You can also choose not to store your encrypted PGP private key on the server, in this case you'll have to carry it with you e.g. on a USB stick.
Create config.json
:
{
"auth": {
"type": "git",
"url": "git@git.example.org:user/pass-store.git",
"privatekey": "/home/user/.ssh/id_rsa"
},
"pgp": {
"privatekey": "private-key.gpg"
}
}
auth
: configures authentication.auth.type
must be one of:none
: no authentication. You should configure HTTP authentication with a reverse proxy for instance.pam
: uses the current user's account.git
: uses a remote Git repository, which is cloned in memory when logging in. The repository's URL must be specified withauth.url
, and a SSH private key can be specified withauth.privatekey
.
pgp
: configures OpenPGPpgp.privatekey
: path to your OpenPGP private key. If not specified, your private key will be requested when decrypting a password.
Once logged in, the encrypted PGP key and the encrypted passwords will be served by the API.
The PGP key password won't be sent to the server, since the passwords are decrypted client-side.
MIT