I often use this bash-alias for compressing and encrypting folders, for uploading them to the cloud:
alias zzz="7z a -mhe=on -mmt=on -t7z -p9IpxHulB3tJWqxINeSbs5Ojeju -mx=9"
So I type for example:
zzz ~/myuploadfoder/documents.7z ~/Documents
In this case my passphrase stands in “clear text” in my bashrc file.
Is there any way to “kind of hash” this passphrase, so that it is not readable (so that I could even publish this bashrc file on gitlab or so, just an example)?
show [options] <database> <entry>
Shows the title, username, password, URL and notes of a database entry. Can also show the current TOTP. Regarding the occurrence of multiple entries with the same name in different groups, everything stated in the clip command section also applies here.
So something like: $(keepassxc-cli show [options] <database> <entry>) but you’d need to see if there’s an option to put out just the password.
If not, you’ll need to parse it with something like awk. If you can post the output (change the password first), I can assist with parsing.
Perhaps a solution I use for my local setup might help. I encrypt my passwords with gpg in a local hidden file. Then I use a one-liner to call gpg to fetch the target password from the list as needed. Within the script, gpg prompts me for the cipher passphrase which must be successfully submitted before the password is displayed.
Here are the steps to set this up:
Create a text-based file using the format [site] [password], with one set per line. Example:
aol.com letmein
neopets.com pass1234
astalavista.com theOldDayz
Name the file something like .access_list.txt and put it in your home directory
Encrypt .access_list.txt with gpg using a cipher passphrase
gpg -c .access_list.txt
You will be prompted for the passphrase twice for confirmation
A new file will be created that is now named .access_list.txt.gpg
Delete the plain text file .access_list.txt (we don’t want the plain text file lying around)
Write a script to decipher the file and grep the target password. Put the following one-liner in your path and name it something like forgetmenot.sh and make it executable.
gpg -d ~/.access_list.txt.gpg | grep -i "$1"
When you need the password for aol, open a terminal, enter forgetmenot.sh aol
You will be prompted to enter your passphrase and when done successfully, the password for “aol” will be shown on the command line. From there it could be manipulated to be used in other scripts as necessary.
If you need to modify the file in the future just enter gpg .access_list.txt.gpg and the original text file will be restored. Modify it. Encrypt it as above. Rinse and Repeat.
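An added example, not part of the original posts: `grep -i "$1"` prints the whole matching line and also matches substrings, so a script that needs only the password has to parse the output. The sketch below does an exact lookup on the site field and feeds the result to the 7z command from the question; the function names, the `7z-backup` entry and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample list in the "[site] [password]" format from the post.
# The "7z-backup" entry is an assumed name for the archive passphrase.
SAMPLE_LIST='aol.com letmein
neopets.com pass1234
astalavista.com theOldDayz
7z-backup example-archive-passphrase'

# pw_lookup SITE  (hypothetical helper)
# Reads the decrypted list on stdin and prints only the password of the one
# line whose first field equals SITE (case-insensitive, whole field).
# Exit status: 0 = found, 1 = no such site, 2 = more than one matching line.
pw_lookup() {
    SITE="$1" awk '
        BEGIN { want = tolower(ENVIRON["SITE"]) }
        NF >= 2 && tolower($1) == want {
            n++
            pw = $0
            # Drop the site field; the rest of the line is the password.
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", pw)
        }
        END {
            if (n == 1) { print pw; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# zzz ARCHIVE PATH...  (hypothetical replacement for the alias; remove the
# alias line from ~/.bashrc before defining a function with the same name)
# Same 7z options as in the question, with the passphrase read from the
# encrypted list instead of being stored in ~/.bashrc. gpg prompts for the
# cipher passphrase. The body runs in a subshell so $pw does not stay in the
# interactive shell. While 7z runs, the -p argument is still visible in the
# local process list.
zzz() (
    pw=$(gpg -d ~/.access_list.txt.gpg | pw_lookup 7z-backup) || exit 1
    7z a -mhe=on -mmt=on -t7z -p"$pw" -mx=9 "$@"
)
```
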
Perhaps. I don’t know what Pass does; so I’ll have to look into it. Pass doesn’t come preinstalled on my current distro (Ubuntu Studio 20.04) as gpg did. But I see that Pass is in the PPA. Thanks for the tip.
Pass is in the official Ubuntu repo, simply called pass.
It is also just a single bash file (with additional files if you want auto completion or to import from other password managers), so you can just place that file anywhere in your PATH, make it executable and run it.
I can highly recommend Pass and it seems like it fits into your use case perfectly, since you are already gpg encrypting simple text files containing passwords.
Also, Pass has built-in support for git, so you can version control your password files.