jpm is a password manager using openssl and signify (and optionally xclip). Technically, it doesn’t have anything to do with passwords, it just manages encrypted and signed files.
jpm expects Ruby 2.6+ to be installed at /usr/local/bin/ruby. Adjust the shebang if Ruby is installed elsewhere. It does not work on Ruby versions before Ruby 2.6.
openssl and signify must be in the PATH. xclip must be in the PATH if using the clip command.
# Create ~/.jpm directory structure and openssl and signify keys jpm init # Add Foo entry, opening editor, then asking for password to sign jpm add Foo # Displays Foo entry, asking for password to decrypt jpm show Foo # Lists entries jpm ls # Output: # Foo # Search for entry using case insensitive regular expression # and display matching entry names jpm find f.o # Output: # Foo # Shows a single entry using case insensitive regular expression, # or a menu to select one of the matching entries jpm s f.o # Verifies all entries have valid signatures jpm verify # Rotates secrets, decrypting files with the current secrets, # and encrypting and signing the files with the new secrets. # Asks for the password for current secret (to decrypt) and # password for new secret (to sign). jpm rotate # Removes Foo entry jpm rm Foo # Add Bar entry, opening editor, then enter incorrect password jpm add Bar # Sign Bar entry (so you don't need to enter plaintext again), # asking for password to sign jpm sign Bar # Rename Bar entry to Baz jpm mv Bar Baz # Copy first line of Baz entry to primary selection, # asking for password to decrypt jpm clip Baz
JPM_DIR-
The encrypted storage directory to use (defaults to
~/.jpm) JPM_READ_PASS-
Set to
stdinto read password from stdin
It is possible to use jpm on Windows. You need to have a Windows version of signify and openssl. One option for signify is github.com/badboy/signify-rs. One option for openssl is curl.se/windows/dl-7.83.1/ (or other newer version).
As signify-rs does not yet support reading passwords from stdin, when using jpm init, you’ll have to input the signify password separately, twice. Additionally, jpm rotate will not work.
jpm is based on opm by Robert Nagy: github.com/rnagy/opm
jpm follows the same basic approach as opm, using openssl smime to encrypt and decrypt and signify to sign and verify entries.
Differences between jpm and opm:
-
Removed features
-
No command aliases
-
No groups
-
Only options are -d and -h
-
No man page
-
-
Added features
-
initcommand to initialize secrets/directories -
rotatecommand for secret rotation -
clipcommand to copy first line of file to primary clipboard (usingxclip) -
signcommand to sign afteraddfails due to password issue -
mvcommand to rename entries -
scommand to show entry by regular expression, or menu to select entries -
This README
-
-
Changed features
-
addalways uses editor -
verifyreports entries without signatures
-
-
Uses same password for
opensslandsignify-
Only enter password once
-
-
Written in ruby and not sh
-
Usable as a library
-
Jeremy Evans <code@jeremyevans.net>