The Gregory Jay Blog

My Password Manager

The first real password manager I used was LastPass, and it worked really well: it stored usernames, passwords, comments, etc. But after using LastPass for a while I read about a security breach they had (though I don't think any sensitive information was taken). It was at this time that I started doing regular exports of my LastPass data, and where better to save them than in a TrueCrypt container (this was way before it stopped being maintained). Exporting my data made me feel somewhat safer: if there was another breach and details got stolen or data got wiped, I just needed to use my backup to go to each site and change my passwords. I didn't think much more of it until I read about LastPass being sold to another company, LogMeIn.

This was around the time that I was reevaluating and reassessing who I wanted to be storing and getting their hands on my data. I was working in the IT department of a biotech company in Beijing, so security was something I was constantly thinking about at work; it got to a point that I had started applying the same ideas to my personal data. I had previously been using Dropbox, Google Drive, OneDrive, Evernote, etc., and so I started the process of 'de-Googling' myself. But that's for another post...

My first idea was to import the .xml file from LastPass into a spreadsheet and keep that in a TrueCrypt container, but it was far too clunky a process to get a password: opening the container, opening the spreadsheet, finding the website and login details, then copying and pasting as needed.

I realised I needed to find another program with similar functionality and so I made a list of requirements in order of priority, which looked something like this:

The only other program I seriously considered using was KeePassX, which fulfills all of the requirements; however, I just didn't find it quick enough. Coming from LastPass, which would log me in automatically or at least have my password pasted and ready for me to log in, having to open KeePass just seemed to be too much of a stall to my workflow. So I thought I'd just have to build something myself that would better do what I wanted.

I decided to use SQLite for my database as I've used it before and am fairly familiar with it; it's simple enough and the database file can be easily synced. As I use the Bash shell on all my machines I decided to write my script in Bash, though I'd make it POSIX-compliant if anyone wanted it. And as long as I have the container file I can still manually decrypt it and query the database if I ever needed to. dmenu is used for selecting the password wanted; it is brought up instantly from a keybinding, and the password is copied straight to my clipboard using xclip, ready to be pasted. The script has gone through many iterations; I now use it to add, delete and get passwords rather than having 3 separate scripts as I was before. I'm still using TrueCrypt now as I don't really see a need to move to VeraCrypt or an alternative, but as far as I'm aware this would still work on VeraCrypt.
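The flow described above (SQLite lookup, dmenu selection, xclip copy) as an added example, not the author's script; the `logins` schema, the database path and all function names are assumptions. It is written for POSIX sh and keeps secrets out of process argument lists by passing SQL and the password over stdin.

```shell
#!/bin/sh
# Added example, not the author's script. Assumed schema:
#   CREATE TABLE logins(site TEXT PRIMARY KEY, username TEXT, password TEXT);
DB="${PASSDB:-/media/truecrypt1/pass.db}"          # hypothetical path in the mounted container
MENU_CMD="${MENU_CMD:-dmenu -i -l 10}"             # menu program, reads choices on stdin
CLIP_CMD="${CLIP_CMD:-xclip -selection clipboard}" # clipboard program, reads stdin

# Feed SQL to sqlite3 on stdin: printf is a shell builtin, so the statement
# (and any password inside it) never shows up in a process argument list.
run_sql() { printf '%s\n' "$1" | sqlite3 "$DB"; }

# Double every single quote so a value is safe inside a SQL string literal.
sql_quote() { printf '%s' "$1" | sed "s/'/''/g"; }

list_sites() { run_sql "SELECT site FROM logins ORDER BY site;"; }

get_password() {
    run_sql "SELECT password FROM logins WHERE site = '$(sql_quote "$1")';"
}

add_login() {  # usage: add_login SITE USERNAME PASSWORD
    run_sql "INSERT OR REPLACE INTO logins(site, username, password) VALUES('$(sql_quote "$1")', '$(sql_quote "$2")', '$(sql_quote "$3")');"
}

delete_login() { run_sql "DELETE FROM logins WHERE site = '$(sql_quote "$1")';"; }

# Choose a site in the menu, then pipe its password to the clipboard.
pick_and_copy() {
    site=$(list_sites | $MENU_CMD) || return 1   # menu cancelled
    [ -n "$site" ] || return 1
    get_password "$site" | tr -d '\n' | $CLIP_CMD
}

# Dispatch for a keybinding, e.g. "pass.sh get"; no argument does nothing.
case "${1:-}" in
    get) pick_and_copy ;;
    add) IFS= read -r pw && add_login "$2" "$3" "$pw" ;;  # password read from stdin
    del) delete_login "$2" ;;
esac
```

The quote doubling in `sql_quote` is what lets site names and passwords containing `'` round-trip without breaking or altering the query.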

I have now been using this script as my only password manager for over 5 years and I'm quite happy with it. I use a key file on a USB stick to decrypt the TrueCrypt file container, as having a long password was slowing me down a little; I think this is a good compromise.

It doesn't meet all the requirements (it doesn't generate passwords, yet), but I'm happy enough with it.

The script can be found on my GitHub.

Greg is a true Sinophile, fluent in Chinese and proficient in Tibetan. He is a homeschooling dad who also consults on the side. You'll often find him cigar in mouth, book in hand, waiting for someone to finish their work or for the coffee to brew.