GitHub - hakmarkdev/passman: PassMan is a modern command-line password manager built in Rust.
A secure, collaborative, CLI-based password manager with end-to-end encryption.
PassMan is a modern command-line password manager built in Rust. It is designed for security-conscious users and teams who prefer terminal-based workflows. It features strong end-to-end encryption, multi-user collaboration capabilities, and comprehensive audit logging.
Features
- End-to-End Encryption: Uses Ed25519 for identity keys and AES-256-GCM for secret encryption.
- Team Collaboration: Native support for sharing secrets among multiple users via public key cryptography.
- Audit Logging: Tracks all changes (add, edit, delete, access) in an immutable changelog.
- Interactive Wizards: Easy-to-use interactive prompts for adding and editing secrets.
- Clipboard Integration: Securely copy passwords to your clipboard with automatic clearing (TTL).
- Password Generation: Built-in strong password generator with customizable complexity.
- Automation Friendly: JSON output support for easy integration with scripts and other tools.
Quick Start
- Initialize the Vault:
- Add a Password:
passman add social/github --username myuser --email me@example.com
# Or simply run interactive wizard:
passman add social/github
- Get a Password:
passman get social/github
- Copy Password to Clipboard:
passman clip social/github
Usage Guide
Key Management
Manage your cryptographic identity keys.
- Create a new key:
passman keys create <key-name>
- List keys:
passman keys list
passman keys list --json
- Import a public key (for team members):
passman keys add <member-name> <path-to-public-key>
Vault Management
Manage the vault and its members.
- Initialize vault:
- Add a member to the vault:
passman vault add <member-name> <path-to-public-key>
- List vault members:
passman vault list
passman vault list --json
Secret Management
CRUD operations for your secrets.
- Add a secret:
passman add <path>
# Example: passman add servers/prod-db
- List secrets:
passman list
passman list --json
- Read a secret:
passman get <path>
passman get <path> --field password
passman get <path> --field email
- Copy to Clipboard:
passman clip <path>
passman clip <path> --field username
passman clip <path> --ttl 30s
- Edit a secret:
- Delete a secret:
- Move/Rename a secret:
passman mv <old-path> <new-path>
Utilities
- Generate a Password:
passman gen --length 20 --symbols
- View Changelog:
passman changelog
passman changelog --json
passman changelog --csv
- View Statistics:
passman stats
passman stats --json
Configuration
PassMan uses a configuration file to store user preferences.
- Location: ~/.passman/config.yaml
- Purpose: Currently used to configure default settings for the password generator.
Default Configuration
length: 16
include_digits: true
include_symbols: true
include_uppercase: true
no_ambiguous: false
You can edit this file to change your default password generation preferences. CLI arguments (e.g., passman gen --length 20) will always override these settings.
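The following is an added example, not PassMan's own source: it shows how the config keys above and a CLI override such as --length 20 can drive a generator that draws from the OS CSPRNG without modulo bias. The names GenConfig, alphabet, effective and generate, the symbol set, the ambiguous-character list and the always-on lowercase set are assumptions made for illustration.

```rust
use std::{fs::File, io::Read};

// Mirrors the keys of ~/.passman/config.yaml; defaults are the ones shown on this page.
#[derive(Clone)]
struct GenConfig { length: usize, include_digits: bool, include_symbols: bool,
                   include_uppercase: bool, no_ambiguous: bool }

impl Default for GenConfig {
    fn default() -> Self {
        GenConfig { length: 16, include_digits: true, include_symbols: true,
                    include_uppercase: true, no_ambiguous: false }
    }
}

// Assumptions: lowercase is always included; these look-alikes count as "ambiguous".
const AMBIGUOUS: &str = "0O1lI";

fn alphabet(cfg: &GenConfig) -> Vec<u8> {
    let mut set = String::from("abcdefghijklmnopqrstuvwxyz");
    if cfg.include_uppercase { set.push_str("ABCDEFGHIJKLMNOPQRSTUVWXYZ"); }
    if cfg.include_digits { set.push_str("0123456789"); }
    if cfg.include_symbols { set.push_str("!@#$%^&*()-_=+"); } // constructed symbol set
    set.bytes().filter(|b| !(cfg.no_ambiguous && AMBIGUOUS.as_bytes().contains(b))).collect()
}

// A CLI value (e.g. --length 20) wins over the file value; None keeps the file value.
fn effective(file: &GenConfig, cli_length: Option<usize>) -> GenConfig {
    GenConfig { length: cli_length.unwrap_or(file.length), ..file.clone() }
}

fn generate(cfg: &GenConfig) -> std::io::Result<String> {
    let chars = alphabet(cfg);
    // Bytes >= limit are rejected so each character is equally likely (no modulo bias).
    let limit = 256 - (256 % chars.len());
    let mut rng = File::open("/dev/urandom")?; // OS CSPRNG, Unix-only
    let (mut out, mut byte) = (String::with_capacity(cfg.length), [0u8; 1]);
    while out.len() < cfg.length {
        rng.read_exact(&mut byte)?;
        let b = byte[0] as usize;
        if b < limit { out.push(chars[b % chars.len()] as char); }
    }
    Ok(out)
}

fn main() -> std::io::Result<()> {
    println!("{}", generate(&effective(&GenConfig::default(), Some(20)))?);
    Ok(())
}
```

With the page's defaults the alphabet has 76 characters, so bytes 228 to 255 are discarded and redrawn rather than folded back onto the first 28 characters.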
Collaboration Workflow
PassMan allows multiple users to share a single vault.
- Alice initializes the vault and creates her key.
- Bob creates his key pair (passman keys create bob) and sends his public key (bob.pub) to Alice.
- Alice adds Bob to the vault:
passman vault add bob ./bob.pub
- Now, any secret Alice adds or edits will be encrypted for both Alice and Bob.
- Bob can sync the vault (e.g., via git) and decrypt secrets using his private key.
Development & Testing
The project includes scripts to simulate usage scenarios.
- Single User Test:
- Multi-User Collaboration Test:
./scripts/multiple_users.sh
License
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.