Simple password manager

In 45°C sweltering heat we moved house, and then sat for weeks surrounded by a pool of unopened stuff. So many things sold, donated, or recycled, and yet the amount of inexhaustible stuff we still have is astounding. On the bright side, the proximity to a lake reserve is nice.

I got myself a new MacBook Air. The technological leap this takes is striking. The keyboard is awesome, and TouchID is great. The switch however makes some tools I rely-on either obsolete or subscription-only. The two notables are (a) TextExpander, and (b) 1Password.

There is a replacement in mind for TextExpander, which I am yet to test. For the latter, I have been thinking about pass by Jason A. Donenfeld of WireGuard fame for a while. Inspired by its elegance, simplicity and structure, but concerned by my own lack of rigour in managing GPG keys for vault security, I chose to roll my own, but without compromising security or usability.

Simple Password Manager (spm)

spm is simply an encrypted, mountable volume that contains a passwords-list in a plain-text file. The passwords-list file is a free-format. To enable better querying, I have chosen the following structure — a four-line block (and each block is separated by a single empty line. See an example (for demo purposes) below:

# Telstra
user (or num): my_unique_username
pass (or pin): my_secret_password

spm is created in the following two steps:

  1. Create a passwords-list file; save it within a folder, say, spm.
  2. With MacOS’s Disk Utility, create a new image from spm folder — with (a) AES 256 encryption1, and (b) read-write options. (The password used to encrypt will be the vault’s master password.)

spm can either be read using a text editor or via command-line with grep. (All of the following is optional for those like me who prefer the Terminal.)

Prep for command-line

Create an alias file .aliases, and add the following to it:

alias spm='function _spm(){ grep -A 3 $1 /Volumes/spm/ }; _spm'%

In the .zshrc file ensure, it has access to .aliases file like so:

# Load the shell dotfiles:
for file in ~/.{aliases,bash_func}; do
    [ -r "$file"  ] && [ -f "$file"  ] && source "$file";
unset file;

Restart Terminal, and this command is ready at your finger tips.

Querying password(s)

  1. Mount spm.dmg. If for instance, spm.dmg is stored on ~/Documents, then run

    open ~/Documents/spm.dmg

    Enter master password at GUI prompt. (Common sense suggests it is unwise to check the box labelled “Remember password in my keychain”.) This will mount a volume on Desktop /Volumes/spm in MacOS.

  2. Now in Terminal, query spm like the example below (it’s case-sensitive):

    spm "Telstra"

    This will produce the above example block to refer to, copy, paste, etc.

Once done using spm, (a) eject the spm volume from Desktop with Cmd + E, and (b) close Terminal window.

spm.dmg file is portable, and I think can be carried in a portable drive without compromising its integrity.

Adding or updating new password(s)

To add new (or update) passwords, just mount spm.dmg, edit the file and add (or edit) a block of details, save file, and eject spm volume.

  1. Non MacOS users can consider using archive encryption, e.g., 7zip offers AES 256 encryption, which is same as that offered by MacOS’s Disk Utility.