README
¶
NAME
hush - tiny password manager
SYNOPSIS
hush [command [arguments]]
INSTALLATION
go install github.com/mndrix/hush/...
DESCRIPTION
hush is a password manager with a small, understandable code base.
Your secrets are stored in a tree with encrypted leaves. You can
organize the tree in whatever hierarchy you prefer.
The hush file (in $HOME/.hush by default) is a plaintext file with
a simple format reminiscent of YAML. It's designed to be kept
under version control, although that's not necessary. The file
also contains a cryptographic checksum to avoid unauthorized
modifications.
COMMANDS
This section contains a list of commands supported by hush. The
command name should be the second argument on the command line when
invoking hush.
export
Exports the decrypted contents of your hush file to stdout.
Each line represents a leaf and the path to that leaf. Each
line is split into two columns, separated by a tab character.
The first column is a slash-separated path. The second column
is the leaf's plaintext.
See also: import command
help
Displays this help text.
import
Imports plaintext paths and leaves from stdin into your hush
file. The input format is the same as that generated by
the export command.
See also: export command
init
Initializes a new hush file after prompting the user to
create a password. This command must be run before most of
the other commands can be run.
ls [pattern]
Lists all decrypted subtrees matching 'pattern'. If 'pattern'
is omitted, lists the entire tree.
See also: PATTERNS
rm path [path [path [...]]]
Removes each path, and its subtrees, from the hush file.
set path value
Sets the leaf at 'path' to have 'value'. The value is stored
encrypted in the hush file. The path is not encrypted.
If value is '-' then the leaf's value is read from stdin.
PATTERNS
A pattern matches paths within the tree. A pattern is first split
on '/' to generate subpatterns. Each subpattern describes a
descent one level deeper into the tree. At each level, a
subpattern matches all local paths which contain the subpattern as
a substring.
For example:
$ hush ls
paypal.com:
personal:
password: secret
work:
password: 123456
bitpay.com:
work:
password: 42 bitcoins
$ hush ls pay/work
paypal.com:
work:
password: 123456
bitpay.com:
work:
password: 42 bitcoins
ENVIRONMENT VARIABLES
This section describes environment variables which can be used to
change the default behavior of hush.
HUSH_ASKPASS
When hush needs to request a password, it runs the script
pointed to by this variable. The script is invoked with a
single argument: the text to use in the prompt. The script's
stdout is used as the password.
If you get tired of typing your password repeatedly, you can
set this variable to a script that caches your password.
If HUSH_ASKPASS is missing, hush prompts on the user's
terminal.
HUSH_FILE
Set this variable to the absolute path of your hush file.
The default, if empty, is $HOME/.hush
Documentation
¶
Index ¶
- func AskPassword(w io.Writer, prompt string) ([]byte, error)
- func CmdExport(w io.Writer, t *Tree) error
- func CmdHelp(w io.Writer)
- func CmdImport(r io.Reader, tree *Tree) ([]string, error)
- func CmdInit(w io.Writer, input *os.File) error
- func CmdLs(w io.Writer, tree *Tree, pattern string) error
- func CmdRm(tree *Tree, paths []Path) error
- func CmdSet(w io.Writer, tree *Tree, p Path, v *Value) error
- func Home() (string, error)
- func HushPath() (string, error)
- func Main()
- type Branch
- type Path
- type Privacy
- type Tree
- func (t *Tree) Checksum() []byte
- func (tree *Tree) Decrypt() *Tree
- func (t *Tree) Delete(paths ...Path) int
- func (t *Tree) Empty() *Tree
- func (tree *Tree) Encode() *Tree
- func (tree *Tree) Encrypt() *Tree
- func (t *Tree) Filter(pattern string) *Tree
- func (t *Tree) Len() int
- func (t *Tree) Less(i, j int) bool
- func (tree *Tree) Print(w io.Writer) error
- func (tree *Tree) Save() error
- func (t *Tree) SetPassphrase(password []byte) error
- func (t *Tree) Sort()
- func (t *Tree) Swap(i, j int)
- type Value
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AskPassword ¶
AskPassword asks the user for a password by presenting the given prompt. Users can point HUSH_ASKPASS environment at a script of their choice to change how passwords are collected. In either case, the provided password is returned along with any errors.
By default, the prompt is displayed on w and the password is read, without echo, from the terminal.
func CmdExport ¶
CmdExport writes tree t to w in a tab-separated format suitable for use with "hush import" and scripting.
This function implements "hush export".
func CmdImport ¶
CmdImport reads tab-separated lines from r adding the path-value pairs to tree. Returns a slice of warnings, if any.
This function implements "hush import".
func CmdInit ¶
CmdInit initializes the user's hush file, if it does not exist. Informative user messages are written to w. User input, if needed, is taken from input.
This function implements "hush init"
func CmdLs ¶
CmdLs prints to w that portion of tree which matches pattern.
This function implements "hush ls"
Types ¶
type Path ¶
type Path string
Path represents the sequence of keys needed to reach a particular node with a Tree.
func (Path) HasDescendant ¶
HasDescendant returns true if p is the parent of d.
func (Path) IsChecksum ¶
IsChecksum returns true if p is the path that stores the tree's HMAC.
func (Path) IsConfiguration ¶
IsConfiguration returns true if p is a path describing a portion of the tree which belongs to a hush configuration.
func (Path) IsEncryptionKey ¶
IsEncryptionKey returns true if p is the path that stores the user's encryption key.
type Privacy ¶
type Privacy int8
Privacy represents the desired level of privacy for a value. Either public or private.
const ( Public Privacy Private )
type Tree ¶
type Tree struct {
// contains filtered or unexported fields
}
func (*Tree) Delete ¶
Delete removes a path and all its descendants from the tree. Returns the number of branches removed.
func (*Tree) Empty ¶
Empty returns a copy of this tree with all the keys and values removed. It retains any other data associated with this tree.
func (*Tree) SetPassphrase ¶
SetPassphrase sets the password that's used for performing encryption and decryption.
type Value ¶
type Value struct {
// contains filtered or unexported fields
}
Value represents a string contained in the leaf of a Tree.
func CaptureValue ¶
CaptureValue converts a command line argument into a value. It handles sugar such as "-" (meaning "capture a value from stdin"). The captured value is assumed to be private.
func NewCiphertext ¶
NewCiphertext returns a new value representing the given plaintext.
func NewEncoded ¶
NewEncoded returns a new value representing an encoded text. The privacy determines whether it's interpreted as an encoded plaintext or ciphertext.
func NewPlaintext ¶
NewPlaintext returns a new value representing the given plaintext.
func (*Value) Ciphertext ¶
Ciphertext returns a version of this value that's been encrypted with the given key.
func (*Value) Decode ¶
Decode returns a version of this value that's had all base64 encoding removed. It's a noop if the value has already been decoded.
func (*Value) Encode ¶
Encode returns a version of this value that's been wrapped in base64 encoding. It's a noop if the value has already been encoded.
Source Files
Directories