Write a Password Manager in POSIX Shell


pass is over 600 SLOC, yet I don't use its nested hierarchy, git integration, nor password generation.

To encrypt and decrypt, pass does nothing so fancy that leaving it out would be a major security issue. This is the code for showing a password:

if [[ -f $passfile ]]; then
        if [[ $clip -eq 0 && $qrcode -eq 0 ]]; then
                pass="$($GPG -d "${GPG_OPTS[@]}" "$passfile" | $BASE64)" || exit $?
                echo "$pass" | $BASE64 -d
# This base64 business is because bash cannot store binary data in a shell
# variable. Specifically, it cannot store nulls nor (non-trivially) store
# trailing newlines.

And this is the code for encrypting a password:

if [[ $multiline -eq 1 ]]; then
        echo "Enter contents of $path and press Ctrl+D when finished:"
        echo
        $GPG -e "${GPG_RECIPIENT_ARGS[@]}" -o "$passfile" "${GPG_OPTS[@]}" || die "Password encryption aborted."

Combining these two GPG commands lays the foundation for a bare-bones, hackable password manager. I currently use the one I wrote, inspired by dcat on GitHub. This one-liner integrates it with dmenu:

pw get "$(pw ls | dmenu -l 10)" | xdotool type --clearmodifiers --file -
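A sketch of how the two GPG commands combine into a flat store with the `get` and `ls` subcommands used above. This is an added example, not the author's script or code from pass; the `add` subcommand, the `pw_*` function names, and the `PW_DIR` and `PW_KEY` variables are assumptions.

```sh
#!/bin/sh
# Added example: a flat-directory password store, not the author's pw script.
# PW_DIR (store location) and PW_KEY (GPG recipient) are assumed names.
PW_DIR=${PW_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/pw}
umask 077   # entries and the store directory are private to the owner

# Accept only flat names so an entry can never resolve outside PW_DIR.
pw_valid() {
    case $1 in
        ''|.*|*/*) echo "pw: invalid entry name" >&2; return 1 ;;
    esac
}

# Encrypt stdin to PW_DIR/NAME.gpg. The secret is never held in a shell
# variable or passed in argv, so no base64 round trip is needed.
pw_add() {
    pw_valid "$1" || return 1
    [ -n "${PW_KEY:-}" ] || { echo "pw: PW_KEY is not set" >&2; return 1; }
    [ ! -e "$PW_DIR/$1.gpg" ] || { echo "pw: $1 already exists" >&2; return 1; }
    mkdir -p "$PW_DIR" || return 1
    gpg --quiet --encrypt --recipient "$PW_KEY" --output "$PW_DIR/$1.gpg" ||
        { echo "pw: encryption aborted" >&2; return 1; }
}

# Decrypt straight to stdout; binary data and trailing newlines pass through.
pw_get() {
    pw_valid "$1" || return 1
    [ -f "$PW_DIR/$1.gpg" ] || { echo "pw: no such entry: $1" >&2; return 1; }
    gpg --quiet --decrypt "$PW_DIR/$1.gpg"
}

# List entry names one per line, ready for a picker such as dmenu.
pw_ls() {
    for f in "$PW_DIR"/*.gpg; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        f=${f##*/}
        printf '%s\n' "${f%.gpg}"
    done
}

# Usage: pw add NAME < secret | pw get NAME | pw ls
case ${1:-} in
    add) pw_add "${2:-}" ;;
    get) pw_get "${2:-}" ;;
    ls)  pw_ls ;;
esac
```

Refusing to overwrite an existing entry keeps gpg from prompting on a terminal while stdin carries the secret.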