In 45°C sweltering heat we moved house, and then sat for weeks surrounded by a pool of unopened stuff. So many things sold, donated, or recycled, and yet the amount of inexhaustible stuff we still have is astounding. On the bright side, the proximity to a lake reserve is nice.

I got myself a new MacBook Air. The technological leap this takes is striking. The keyboard is awesome, and TouchID is a blessing, especially for 2FA.2 The switch however makes some tools I rely-on either obsolete or subscription-only. The two notables are (a) TextExpander, and (b) 1Password.

There is a replacement in mind for TextExpander, but I am yet to test it. For the latter, I have been thinking about pass by Jason A. Donenfeld of WireGuard fame for a while. Inspired by its elegance, simplicity and structure, but concerned by my own lack of rigour in managing GPG keys for vault security, I chose to roll my own, but without compromising security or usability.

spm is simply an encrypted, mountable volume that contains a passwords-list in a plain-text file. The passwords-list file is a free-format. To enable better querying, I have chosen the following structure — a four-line block (and each block is separated by a single empty line. See an example (for demo purposes) below:

# Telstra
url: https://www.my.telstra.com.au/myaccount/home


spm is created in the following two steps:

1. Create a passwords-list file spm.md; save it within a folder, say, spm.
2. With MacOS’s Disk Utility, create a new image from spm folder — with (a) AES 256 encryption3, and (b) read-write options. (The password used to encrypt will be the vault’s master password.)

spm can either be read using a text editor or via command-line with grep. (All of the following is optional for those like me who prefer the Terminal.)

## Prep for command-line

Create an alias file .aliases, and add the following to it:

alias spm='function _spm(){ grep -A 3 $1 /Volumes/spm/spm.md }; _spm'%  In the .zshrc file ensure, it has access to .aliases file like so: # Load the shell dotfiles: for file in ~/.{aliases,bash_func}; do [ -r "$file"  ] && [ -f "$file" ] && source "$file";
done;
unset file;


1. Mount spm.dmg. If for instance, spm.dmg is stored on ~/Documents, then run

open ~/Documents/spm.dmg


Enter master password at GUI prompt. (Common sense suggests it is unwise to check the box labelled “Remember password in my keychain”.) This will mount a volume on Desktop /Volumes/spm in MacOS.

2. Now in Terminal, query spm like the example below (it’s case-sensitive):

spm "Telstra"


This will produce the above example block to refer to, copy, paste, etc.

Once done using spm, (a) eject the spm volume from Desktop with Cmd + E, and (b) close Terminal window.

spm.dmg file is portable, and I think can be carried in a portable drive without compromising its integrity.

To add new (or update) passwords, just mount spm.dmg, edit the spm.md file and add (or edit) a block of details, save file, and eject spm volume.