my dotz
make show/edit more resilient, commit 1st rotation draft
+32
-13
+32
-13
bin/pa
+32
-13
bin/pa
···
49
49
printf '%s\n' "Saved '$name' to the store."
50
50
}
51
51
52
+
pw_rotate() {
53
+
if yn "Generate a new key and re-encrypt all of your passwords?"; then
54
+
mkdir -p ~/.age
55
+
printf "Old key saved at ~/.age/key.txt.bak"
56
+
mv ~/.age/key.txt ~/.age/key.txt.bak
57
+
age-keygen -o ~/.age/key.txt
58
+
59
+
cd "$PA_DIR"
60
+
for pass in *; do
61
+
printf "$pass\n"
62
+
ls -l "$pass"
63
+
cat "$pass"
64
+
done
65
+
66
+
printf "Completed rotation\n"
67
+
fi
68
+
}
69
+
52
70
pw_edit() {
53
71
name=$1
54
72
55
-
if [ ! -f "$name.age" ]; then
56
-
die "Failed to access $name"
57
-
fi
73
+
[ -f "$name.age" ] || die "Failed to access $name"
58
74
59
75
# we use /dev/shm because it's an in-memory
60
76
# space that we can use to store private data,
61
77
# and securely wipe it without worrying about
62
78
# residual badness
63
-
if [ ! -d /dev/shm ]; then
64
-
die "Failed to access /dev/shm"
65
-
fi
79
+
[ -d /dev/shm ] || die "Failed to access /dev/shm"
66
80
67
81
mkdir -p /dev/shm/pa
68
82
trap 'rm -rf /dev/shm/pa' EXIT
69
83
tmpfile="/dev/shm/pa/$name.txt"
70
84
71
-
age -i ~/.age/key.txt --decrypt "$1.age" > "$tmpfile"
85
+
age -i ~/.age/key.txt --decrypt "$1.age" 2>/dev/null > "$tmpfile" ||
86
+
die "Could not decrypt $1.age"
87
+
72
88
"${EDITOR:-vi}" "$tmpfile"
73
89
74
90
if [ ! -f "$tmpfile" ]; then
···
91
107
}
92
108
93
109
pw_show() {
94
-
age -i ~/.age/key.txt --decrypt "$1.age"
110
+
age -i ~/.age/key.txt --decrypt "$1.age" 2>/dev/null ||
111
+
die "Could not decrypt $1.age"
95
112
}
96
113
97
114
pw_list() {
···
163
180
=> [d]el [name] - Delete a password entry.
164
181
=> [e]dit [name] - Edit a password entry with $EDITOR.
165
182
=> [l]ist - List all entries.
183
+
=> [r]otate - Generate a new age key, re-encrypt all passwords.
166
184
=> [s]how [name] - Show password for an entry.
167
185
Password length: export PA_LENGTH=50
168
186
Password pattern: export PA_PATTERN=_A-Z-a-z-0-9
···
216
234
[ -t 1 ] && trap 'stty echo icanon' INT EXIT
217
235
218
236
case $1 in
219
-
a*) pw_add "$2" ;;
220
-
d*) pw_del "$2" ;;
221
-
e*) pw_edit "$2" ;;
222
-
s*) pw_show "$2" ;;
223
-
l*) pw_list ;;
237
+
a*) pw_add "$2" ;;
238
+
d*) pw_del "$2" ;;
239
+
e*) pw_edit "$2" ;;
240
+
s*) pw_show "$2" ;;
241
+
l*) pw_list ;;
242
+
r*) pw_rotate ;;
224
243
*) usage
225
244
esac
226
245
}