A fortune quote: m is the anesthetic given by a kindly nature to relieve the pain of being a damned fool. -- Bellamy Brooks

Tutorial for storing passwords

First check out pwgrep from git and edit the configuration parameters in its header. Also setup a versioning repository (e.g. svn) for your password database storage (preferable using some encryption for checkout/update operations such as SSL or SSH). Afterwards you may go on with the usage of pwgrep itself:

Please note that the current version of pwgrep is configured to work with git. The rest of this tutorial however should work as with svn.

The database file is divided in several records. Each record begins with its name followed by several lines holding all the secret information. The (actually very simple) format of the database file is as follows:

some record name here
	after a tabulator some secret information
	more secret information
another record name here
	secret username: foo
	secret password is bla
	you can write as many secret infos as you wish
.
.
secret stuff
	password: hello world
	username: mr. universe
.
.

The database is not stored in plain text. It is encrypted using GnuPG (database.gpg).

I can only search for the record names of a database file. For example if I want to see my secret username and password which is stored in the database.gpg file it will look like this:

After entering the password of my secret GnuPG key I will receive the information requested:

pwgrep will print out automatically all records matching my search string. Not only the first one it finds.

I can use pwedit for the case I want to add something to the database or just to edit/delete something of the current database:

After editing, pwgrep will automatically wipe all temporally files securely and it will commit the new version into the versioning system (In this case subversion is being used. But others can be configured as well). pwgrep is using Vim (with swapping and backuping disabled) in order to edit the database file. If you want to use a different editor, you should make sure NOT to produce temporally files. If you produce temporally files, at least they should get wiped securely from the hard disk.

If you want to look up your secret ebay stuff, just search for it with

~/svn/pwgrep$ pwgrep ebay

Since pwgrep v0.5 it's possible to specify the offline option, which causes pwgrep not use versioning at all (usable if there is no connection to the subversion or CVS server available):

~/svn/pwgrep$ pwgrep -o ebay

All commands support the -o option