Espy - Emacs Simple Password Yielder
To espy is to see something at a distance which is what this package is about. This package allows users to fetch a password or a username from a file without visiting it.
This package is kept deliberately short to allow for easy manual checks as to minimize the “hijacked account” attack vector and should ideally be stored without automatic updates.
This solution compared to other password solutions (pass, keepass, etc)
- No dependencies (if you want to encrypt your password file you need a encrypter. GPG works best for emacs because of epa)
- Supports use of any or no file encrypters (anything other than GPG or no encrypter might not work out of the box with espy, but could probably be added easily)
- A decrypted password file can be opened and edited using any text editor (difficult to do in keepass)
- Easily change format of password file to fit your favorite major mode.
- Org mode support (not possible in keepass)
- Support for both symmetric encryption (not supported by pass) and asymmetric encryption (not officially supported by keepass) when encrypting with GPG
- When accessing password file in emacs all emacs related security problems are present (e.g every package has full access to everything in emacs), same as with every other emacs password manager
First select the directory of your password file by changing
(setq espy-password-file "~/my-passwords.org.gpg")
M-x espy-get-user or
M-x espy-get-pass to select which username or password you want to copy to the killring.
Keep in mind that the username or password will stay in the killring even after being pasted, to fix this you could bind
(progn (pop kill-ring) (message "Top killring entry cleared")) which removes the top entry in the killring or setup a timer that removes the last entry in the killring.
M-x espy-user and
M-x espy-pass uses do detect usernames and passwords and headings can be modified by changing
espy-pass-prefix. By default it expects org headings (“*”) followed by a username (“user: “) and a password (“pass: “).