pwdrive is a GnuPG and Google Drive-based password vault written in Bash. Passwords are stored as GnuPG-encrypted files on Google Drive.
$ pwdrive set aol leetpw # Store encrypted entry $ pwdrive ls # List entries aol $ pwdrive get aol # Fetch and decrypt entry leetpw
In addition to Bash, the following programs need to be in
gpg curl grep mktemp mkdir cat base64 sort
You also need a working GPG setup:
How it works
For the encryption half, passwords are encrypted via GnuPG in 2048-bit RSA by
default. They are then base64-encoded and uploaded to Google Drive storage.
Access to Google Drive requires an OAuth token (granted by the end-user) which
is stored at
~/.pwdrive/refresh_token by default.
For the decryption half, again an OAuth token is required to download the encrypted password via the Google Drive API. The same private key used to encrypt the password is needed at decrypt time. If the key is password-protected (recommended) you need that as well. Note that there may be an agent running on your system that remembers your GPG key passwords for some period of time.
All traffic to and from Google is transported over HTTPS.
So, as per usual, the main thing to keep safe is your GPG key.
The OAuth token in
~/.pwdrive is regenerateable if it is lost or if it
expires. Simply delete it and pwdrive will prompt you to create another one. If
the token is stolen, an attacker will have access to encrypted password content
which is very difficult to brute force without the GPG key.
Usage: pwdrive <command> [argv] Commands: ls List all entries ls <str> List all entries prefixed by str set <entry> <pass> Set password for entry set <entry> - Set password for entry from stdin get <entry> Get password for entry lget <str> Get entry matching str, or ls if multiple edit <entry> Edit password for entry via $EDITOR rm <entry> Remove entry token Print an access token gen Generate some random passwords help Show pwdrive usage Environment: EDITOR Editor to use with edit (vim) PWDRIVE_ACCESS_TOKEN Use this access token instead of fetching one PWDRIVE_HOME Home dir of pwdrive (~/.pwdrive) PWDRIVE_GPG_ARGS Extra args for get/set (--no-options --default-recipient-self --quiet)
To install to
# make install
To install to a custom directory, supply
# DESTDIR=/usr/bin make install
In order to minimize dependencies,
grep -P is used to extract JSON fields
from the Google Drive API. Naturally this is not ideal. If you stick to
entry params, things should work.