comotion edited this page Oct 14, 2014 · 17 revisions


CPM is the Console Password Management tool, which allows you to securely store passwords and other key=value pairs in an encrypted XML tree. A single CPM database can be securely used by several people at the same time, see multiuser CPM. CPM passwords can be revision controlled, see revision control.

CPM is adopted here since I've fixed some minor issues of bit rot.

Install from package

Debian & Ubuntu

CPM is part of debian as of the wheezy distribution, and part of Ubuntu from 12.04 and onwards. If you are running wheezy or later, simply install CPM through apt:

me@mine:~# apt-get install cpm

Ubuntu Trusty (14.04)

Ubuntu 14.04 unfortunately has a bad version of CPM (0.28) which doesn't work very well due to bug #129929 ( Use the CPM packages from jessie, these will work:

Debian Wheezy

Backport of newer versions of CPM to wheezy for amd64 is available here:

deb wheezy main

To install, download the package and run

# dependencies
me@mine:~# apt-get install \
    libcdk5 libcrack2 libdotconf1.0 libgpg-error0 \
    libgpgme11 libxml2 libxml2-utils libpth20

# installation (replace with package appropriate for your arch and distro)
me@mine:~# dpkg -i cpm_0.31-1_i386.deb

Older versions

See the downloads section for Debian packages at

Quick Start

You need: a GPG key and 3 minutes of your time. Create the password database (only once):

me@mine:~$ create-cpmdb

Use your GPG key to encrypt the database. This puts a .cpmdb file in your home folder.

Run CPM and add your passwords! Exit by hitting ESC to save the keys.

me@mine:~$ cpm

and you have a working CPM install

For a good read on CPM go to

If you're sharing your CPM database with others, see revision control.

memlock limits

To avoid the memlock warning on cpm start, add the following to your /etc/security/limits.conf

@cpm - memlock unlimited

Where 'cpm' is a group that your user is a member of. An alternative is to allow all users unlimited memlock, which should be fine on a single-user laptop or desktop.

* - memlock unlimited

After changing this setting, you will need to log out and back in again, or reboot your machine.

Multiuser CPM

The two ways to do this are documented in multiuser CPM.

Doing it by hand

You can do everything the hard way... but most people prefer the "Quick Start" routines outlined above. If you still insist, below is a step-by-step guide to doing most everything manually.

Build dependencies

CPM needs cdk, cracklib, dotconf, gpgme, ncurses, gettext and zlib to build.

apt-get install libcdk5 libcdk5-dev \
  cracklib-runtime cracklib2 cracklib2-dev \
  libdotconf1.0 libdotconf-dev \
  libgpgme11 libgpgme11-dev \
  libncurses5 libncurses5-dev \
  libxml2-dev libxml2-utils \
  zlib1g zlib1g-dev gettext


./configure --with-crack-dict=/var/cache/cracklib/cracklib_dict make


make install

CPM must be SUID root to aquire the necessary locks to safely store your passwords. Set up the right bits:

chown root:root /usr/local/bin/cpm
chmod +s /usr/local/bincpm


Set up your password db if you don't have one already:

cp conf/cpmrc-default ~/.cpmrc
cd share/cpm
./ general passwordsafe/example.txt
cp -i cpm_convert.db ~/.cpmdb

And you are ready to go! RPMS package contributions are gratiously accepted!

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.