lockbox

module

v1.2.0 Latest Latest Go to latest Published: Apr 23, 2024 License: GPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/enckse/lockbox

Links

Open Source Insights

README ¶

Lockbox

A pass inspired password manager that uses a system keyring or command for password input over using a GPG key and uses a keepass database as the backing data store.

usage

upfront

While lb uses a .kdbx formatted file that can be opened by a variety of tools, it is highly opinionated on how to store data in the database. Any .kdbx used with lb should be managed by lb with a fallback ability to use other tools to alter the/view the file otherwise. Mainly lockbox itself is using a common format so that it doesn't lock a user into a custom file format or dealing with gpg, age, etc. files and instead COULD be recovered via other tooling if needed.

environment

The following variables must be set to use lb, they can also be set via an explicit environment file just for lb, following the rules of the parser

# the keying object to use to ACTUALLY unlock the passwords (e.g. using a gpg encrypted file with the password inside of it)
LOCKBOX_KEY="gpg --decrypt /Users/alice/.secrets/key.gpg"
# the location, on disk, of the password store
LOCKBOX_STORE=/Users/alice/.passwords/secrets.kdbx

Use lb help verbose for additional information about options and environment variables

supported systems

lb should work on combinations of the following:

linux/macOS/WSL
zsh/bash/fish (for completions)
amd64/arm64

usage

clipboard

Copy entries to clipboard

lb clip my/secret/password

insert

Create a new entry

lb insert my/new/key
# or
lb multiline my/new/multi
# for multiline inserts

list

List entries

lb ls

remove

To remove an entry

lb rm my/old/key

show

To see the text of an entry

lb show my/key/value

totp

To get a totp token

lb totp show token
# 'token' must contain an entry with the name of LOCKBOX_TOTP

The token can be automatically copied to the clipboard too

lb totp clip token

rekey

To rekey (change password/keyfile) use the rekey command

lb rekey -store=path/to/new/db.kdbx -key="mynewkey" -keymode="plaintext" -keyfile="my/new/keyfile"

completions

generate shell specific completions (via auto-detect using SHELL)

lb completions

git integration

To manage the .kdbx file in a git repository and see actual text diffs add this to a .gitconfig

[diff "lb"]
    textconv = lb conv

Setup the .gitattributes for the repository to include

*.kdbx diff=lb

build

Requires make

Clone this repository and:

make

run make check to run tests

Directories ¶

Path	Synopsis
cmd provides the binary runs or calls lockbox app.	provides the binary runs or calls lockbox app.
internal
app Package app common objects	Package app common objects
backend Package backend handles kdbx interactions	Package backend handles kdbx interactions
config Package config handles user inputs/UI elements.	Package config handles user inputs/UI elements.
platform Package platform handles platform-specific operations around clipboards.	Package platform handles platform-specific operations around clipboards.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL