Permalink
Browse files

Migrate some changes from the remote-storage branch to the master bra…

…nch, mostly support for the --notes option.
  • Loading branch information...
1 parent 99eb4ae commit 880f8326dd3c24a4aaf10f9c49e3e5effc4c002c @jcoglan committed Dec 12, 2013
Showing with 426 additions and 180 deletions.
  1. +59 −35 README.markdown
  2. +5 −2 bin/vault
  3. +106 −45 node/cli.js
  4. +57 −0 node/editor.js
  5. +78 −27 node/local_store.js
  6. +27 −0 node/usage.txt
  7. +9 −12 package.json
  8. +85 −59 spec/node/cli_spec.js
View
@@ -1,54 +1,57 @@
# vault [<img src="https://secure.travis-ci.org/jcoglan/vault.png" />](http://travis-ci.org/jcoglan/vault)
-Simple password generator. Given a passphrase and the name of a service, returns
-a strong password for that service. You only need to remember your passphrase,
-which you do not give to anyone, and this program will give a different password
-for every service you use. The passphrase can be any text you like.
+`vault` is a simple password manager. Given a passphrase and the name of a
+service, it returns a strong password for that service. You only need to
+remember your passphrase, which you do not give to anyone, and `vault` will give
+a different password for every service you use. The passphrase can be any text
+you like.
Given the same passphrase and service name, the program will generate the same
-result every time, so you can use it to 'look up' those impossible-to-remember
+result every time, so you can use it to look up those impossible-to-remember
passwords when you need them.
-According to [Dropbox's zxcvbn password strength measure](http://dl.dropbox.com/u/209/zxcvbn/test/index.html),
-if your dictionary English password takes about a second to crack, those
-generated by `vault` take over a million times the age of the observable
-universe to crack by brute force.
+According to [Dropbox's zxcvbn password strength
+measure](http://dl.dropbox.com/u/209/zxcvbn/test/index.html), if your dictionary
+English password takes about a second to crack, those generated by `vault` take
+over a million times the age of the observable universe to crack by brute force.
## Why?
-I have a terrible memory and like keeping my stuff safe. [Strong service-specific
-passwords are hard to remember](http://xkcd.com/936/), and many services [have
-stupid restrictions on passwords](http://me.veekun.com/blog/2011/12/04/fuck-passwords/).
-I want to remember one phrase and have a machine deal with making my passwords
-strong.
+I have a terrible memory and like keeping my stuff safe. [Strong
+service-specific passwords are hard to remember](http://xkcd.com/936/), and many
+services [have stupid restrictions on
+passwords](http://me.veekun.com/blog/2011/12/04/fuck-passwords/). I want to
+remember one phrase and have a machine deal with making my passwords strong.
## Installation
-This program is written in JavaScript. It provides a CLI and a web-based interface.
-The command line interface is available as a Node program. To install with npm run:
+This program is written in JavaScript. It provides a CLI and a web-based
+interface. The command line interface is available as a Node program. To
+install with npm run:
npm install -g vault
To enable tab-completion for bash, add this to your .bashrc scripts:
which vault > /dev/null && . "$( vault --initpath )"
-If you want to use the web interface provided with vault (like https://getvau.lt/) you need
-to serve the static files found in the `web` folder using your favourite web server.
+If you want to use the web interface provided with vault (like
+https://getvau.lt/) you need to serve the static files found in the `web` folder
+using your favourite web server.
## Usage
The most basic usage involves passing your passphrase and the service name; when
-you pass the `-p` flag you will be prompted for your passphrase:
+you pass the `--phrase` or `-p` flag you will be prompted for your passphrase:
$ vault google -p
Passphrase: *********
2hk!W[L,2rWWI=~=l>,E
-You can set the desired length using `-l`:
+You can set the desired length using `--length` or `-l`:
$ vault google -p -l 6
Passphrase: *********
@@ -80,16 +83,16 @@ Available character classes include:
Finally, some sites do not allow passwords containing strings of repeated
characters beyond a certain length. For example, a site requiring passwords not
to contain more than two of the same character in a row would reject the
-password `ZOMG!!!` because of the 3 `!` characters. Vault lets you express this
-requirement using `-r` or `--repeat`; this option sets the maximum number of
-times the same character can appear in a row.
+password `ZOMG!!!` because of the 3 `!` characters. `vault` lets you express
+this requirement using `--repeat` or `-r`; this option sets the maximum number
+of times the same character can appear in a row.
$ vault google -p -r 2
-## Using your private key
+## Using your SSH private key
-Instead of a simple passphrase, `vault` can use a value signed using your
+Instead of a simple passphrase, `vault` can use a value signed using your SSH
private key as its input. Use the `--key` or `-k` option:
$ vault twitter -k
@@ -106,9 +109,9 @@ If you only have one private key, that is used automatically. If you have
several, a menu is displayed as above using snippets from the corresponding
public keys. You will be prompted to unlock the selected key if necessary.
-Note that all the prompts shown to you while using `vault` are printed to
-`stderr` and the generated password to `stdout`, so you can pipe `vault` to
-`pbcopy` and you'll just get the password in your clipboard, i.e.:
+Note that all the prompts shown to you while using `vault` are printed to stderr
+and the generated password to stdout, so you can pipe `vault` to `pbcopy` and
+you'll just get the password in your clipboard, i.e.:
$ vault twitter -k | pbcopy
@@ -181,14 +184,35 @@ file. This can be used, for example, to change the encryption key:
$ VAULT_KEY=oldkey vault --export settings.json
$ VAULT_KEY=newkey valut --import settings.json
-Or, you can use it if Vault changes its encryption algorithm in the future. Just
-use your current installation to export the settings, upgrade, then import.
+Or, you can use it if `vault` changes its encryption algorithm in the future.
+Just use your current installation to export the settings, upgrade, then import.
$ vault --export settings.json
$ npm install -g vault
$ vault --import settings.json
+## Notes
+
+You can save notes for any of the services you use. Notes are stored in the
+service's settings, but are not used for generating passwords. To edit the notes
+for a service, use `--config` with `--notes` or `-n`:
+
+ $ vault -c -n google
+
+This opens your `$EDITOR` where you can edit the notes. When you save the file
+and close the editor, the updated notes will be saved into your `.vault` file.
+
+When you ask for the password for a service, `vault` will print any notes you
+have saved for it. It prints the password to stdout and the notes to stderr, so
+you can pipe the password to the clipboard if you like and still the notes
+printed in your terminal.
+
+ $ vault google | pbcopy
+
+ The notes will appear here. The password is saved to the clipboard.
+
+
## Deleting saved settings
You can delete any saved setting using the `--delete`, `--delete-globals` and
@@ -216,8 +240,8 @@ constraints. This design means that each password is very hard to break by brute
force, and ensures that the discovery of one service's password does not lead to
other accounts being compromised. It also means you can tailor the output to the
character set accepted by each service. The use of a deterministic hash function
-means we don't need to store your passwords since they can easily be regenerated;
-this means there's no storage to sync or keep secure.
+means we don't need to store your passwords since they can easily be
+regenerated; this means there's no storage to sync or keep secure.
## License
@@ -228,9 +252,9 @@ Copyright (c) 2011-2013 James Coglan
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the 'Software'), to deal in
-the Software without restriction, including without limitation the rights to use,
-copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the
-Software, and to permit persons to whom the Software is furnished to do so,
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
View
@@ -28,11 +28,14 @@ var readline = (parseInt(version[2], 10) <= 6)
var cli = new CLI({
config: {path: path, key: key},
- output: process.stdout,
+ stdout: process.stdout,
+ stderr: process.stderr,
tty: tty.isatty(1),
confirm: function(message, callback) {
- readline().question(message + ' (Y/n): ', function(input) {
+ var rl = readline();
+ rl.question(message + ' (Y/n): ', function(input) {
+ rl.close();
callback(input === 'Y');
});
},
Oops, something went wrong. Retry.

0 comments on commit 880f832

Please sign in to comment.