kip - Keeps Internet Passwords Password manager. Command line script to keep usernames and passwords in gnupg encrypted text files.
If you live on the command line, this is a simple, fast, secure, and evergreen way to manage your passwords. I use it multiple times a day.
kip get|add|list|edit|del|gen [filepart] [--username USERNAME] [--notes NOTES] [--prompt] [--print]
- Linux x86_64: Download the pre-built binary from Releases in the sidebar.
- Rust programmers: Clone the repo and
cargo build. - Everyone else: Eh, I dunno. Open a ticket and say what OS you need.
Make sure you have a gnupg key pair: GnuPG HOWTO.
kip add example.com --usename username
What it does:
- Generates a random password. The characters to use are in config 'choices' setting. By default it uses a-z, A-Z, 0-9 and a subset of these special characters. See CONFIGURATION section.
- Writes username and password to text file
~/.kip/passwords/example.com - Encrypts and signs it by running
gpg --encrypt --sign --armor - Copies the new password to your clipboard
Add optional notes: kip add example.com --username username --notes "My notes".
You can ask to be pompted for the password, instead of using a random one: kip add example.com --username username --prompt
kip example.com
What it does:
- Looks for
~/.kip/passwords/*example.com*, decrypts it by runninggpg --decrypt - Prints your username in bold, and any notes your stored.
- Copies your password to the clipboard
kip list "*.org"
List contents of your password directory. [filepart] argument is a glob to filter the directory list. You can use ls too!
kip edit example.com --username newuser
Change the username inside a password file. [filepart] is the file to edit, and --username sets a new username.
kip del example.com
Delete a password file. [filepart] is the file to delete. You can use rm too!
gnupg to encrypt password files, wl-copy (linux) or pbcopy (OSX) to copy password to clipboard.
On Ubuntu / Debian: sudo apt-get install gnupg, wl-copy should already be there
If you want to use different commands to encrypt / decrypt your files, want longer passwords, etc, you can. Copy this snippet (the built-in default config) to ~/.kip/kip.conf or /etc/kip/kip/conf, and customise it. It's an INI file using : as the delimiter. Make sure the home path does not end with a slash.
[gnupg]
key_fingerprint:
encrypt_cmd:gpg --quiet --encrypt --sign --default-recipient-self --armor
decrypt_cmd:gpg --quiet --decrypt
[passwords]
home:~/.kip/passwords
len:19
choices:abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&()*+,-./;=>?@[]^_`{|}~
[tools]
clip:
tools.clip is the command line used to copy a password to the clipboard. It's default is empty which means 'pbcopy' on OSX, 'wl-copy' elsewhere (Linux).
You should really really backup your ~/.kip/passwords/ directory. I use Borg Backup.
GnuPG is secure, open, multi-platform, and will probably be around forever. Can you say the same thing about the way you store your passwords currently?
I was using the excellent Keepass when I got concerned about it no longer being developed or supported. How would I get my passwords out? So I wrote this very simple wrapper for gnupg.
If you live in the command line, I think you will find kip makes your life a little bit better.
If you put it in a sync-ed service (Dropbox, Google Drive, etc) you can have it on multiple computers. The files are encrypted, the service won't be able to spy on you.
kipr is a Rust port of kip (Python).
There's 0 magic involved. Your accounts details are in text files, in your home directory. Each one is encrypted with your public key and signed with your private key. You can ditch kip at any time.
Browse your files: ls ~/.kip/passwords/
Display contents manually: gpg -d ~/.kip/passwords/facebook