Simple password manager

In 45°C sweltering heat we moved house, and then sat for weeks surrounded by a pool of unopened stuff. So many things sold, donated, or recycled, and yet the amount of inexhaustible stuff we still have is astounding. On the bright side, the proximity to a lake reserve is nice.

I got myself a new MacBook Air. The technological leap this takes is striking. The keyboard is awesome, and TouchID is a blessing, especially for 2FA.[2] The switch, however, makes some tools I rely on either obsolete or subscription-only. The two notable ones are (a) TextExpander, and (b) 1Password.

There is a replacement in mind for TextExpander, but I am yet to test it. For the latter, I have been thinking about pass by Jason A. Donenfeld of WireGuard fame for a while. Inspired by its elegance, simplicity and structure, but concerned by my own lack of rigour in managing GPG keys for vault security, I chose to roll my own, but without compromising security or usability.

Simple Password Manager (spm)

spm is simply an encrypted, mountable volume that contains a passwords list in a plain-text file. The passwords-list file is free-format. To enable better querying, I have chosen the following structure: a four-line block, with each block separated by a single empty line. See an example (for demo purposes) below:

# Telstra
user (or num): my_unique_username
pass (or pin): my_secret_password
url: https://www.my.telstra.com.au/myaccount/home

spm is created in the following two steps:

  1. Create a passwords-list file spm.md; save it within a folder, say, spm.
  2. With macOS’s Disk Utility, create a new image from the spm folder with (a) AES 256 encryption[3], and (b) read-write options. (The password used to encrypt will be the vault’s master password.)

spm can either be read using a text editor or via command-line with grep. (All of the following is optional for those like me who prefer the Terminal.)

Prep for command-line

Create an alias file .aliases, and add the following to it:

alias spm='function _spm(){ grep -A 3 -- "$1" /Volumes/spm/spm.md; }; _spm'

In the .zshrc file, ensure it has access to the .aliases file like so:

# Load the shell dotfiles:
for file in ~/.{aliases,bash_func}; do
    [ -r "$file"  ] && [ -f "$file"  ] && source "$file";
done;
unset file;

Restart Terminal, and this command is ready at your fingertips.

Querying password(s)

  1. Mount spm.dmg. If, for instance, spm.dmg is stored in ~/Documents, then run

    open ~/Documents/spm.dmg
    

    Enter the master password at the GUI prompt. (Common sense suggests it is unwise to check the box labelled “Remember password in my keychain”.) This will mount a volume on the Desktop (at /Volumes/spm) in macOS.

  2. Now in Terminal, query spm like the example below (it’s case-sensitive):

    spm "Telstra"
    

    This will produce the above example block to refer to, copy, paste, etc.

Once done using spm, (a) eject the spm volume from Desktop with Cmd + E, and (b) close Terminal window.
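
The grep -A 3 alias matches the query on any line, so a hit on a pass or url line prints the three lines after it instead of the block. As an added example (not the author's code; the names spm_lookup and SPM_FILE are hypothetical), this shell function matches only the title line of each four-line block, ignores case, and reports when the volume is not mounted:

```shell
# Added example, not the author's code. SPM_FILE and spm_lookup are
# hypothetical names; the default path is the mount point used on this page.
SPM_FILE="${SPM_FILE:-/Volumes/spm/spm.md}"

# spm_lookup QUERY [FILE]
# Prints every block whose "# Title" line contains QUERY (case-insensitive,
# literal match). Returns 2 if the vault is not readable, 1 if nothing matched.
spm_lookup() {
    spm_query=$1
    spm_file=${2:-$SPM_FILE}

    if [ -z "$spm_query" ]; then
        echo "usage: spm_lookup QUERY [FILE]" >&2
        return 64
    fi
    if [ ! -r "$spm_file" ]; then
        echo "spm: $spm_file not readable; is spm.dmg mounted?" >&2
        return 2
    fi

    # RS="" puts awk in paragraph mode: each blank-line-separated block is
    # one record, and FS="\n" makes $1 the title line of that block.
    # The query travels via the environment so awk does not interpret
    # backslash escapes in it, and index() treats it as a literal string.
    SPM_QUERY=$spm_query awk '
        BEGIN { RS = ""; FS = "\n"; q = tolower(ENVIRON["SPM_QUERY"]) }
        $1 ~ /^# / && index(tolower($1), q) {
            if (found++) print ""      # blank line between multiple hits
            print
        }
        END { exit(found ? 0 : 1) }
    ' "$spm_file"
}
```

With the function loaded from .aliases and the volume mounted, spm_lookup telstra prints the Telstra block; because the query is an argument, it still lands in shell history like the original alias.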

The spm.dmg file is portable, and I think it can be carried on a portable drive without compromising its integrity.

Adding or updating new password(s)

To add new (or update) passwords, just mount spm.dmg, edit the spm.md file and add (or edit) a block of details, save the file, and eject the spm volume.


  1. It is also nice to be able to put Touch ID to use for the sudo command; same for GitHub.

  2. I do not like subscription models; exception: email service. 

  3. Non-macOS users can consider using archive encryption, e.g., 7zip offers AES 256 encryption, which is the same as that offered by macOS’s Disk Utility.