A week ago I've published pwd on github, posted an article about it on my site, and promoted it on reddit. People generously gave it 7 stars on github and 31 upvotes on reddit (89% positive), and read the article 340 times. It could be better so if you like the idea of a console tool that helps you manage your passwords, please help: more stars on github and reposts can make a difference.

The tool got a lot of new features and code improvements and it is still less than 400 lines (this code is a piece of art)! Looking for simple cross-platform solutions was fun. There some updates:

  • The tool now has a test suite. This is also a script file that includes the main one and runs tests. It is now checks compatibility with openssl, parsing of replace regex, and tests some other methods. Run it with dotnet script pwd.test.csx -- -t.
  • Directory reader now skips file names that start with dot, like .gitignore.
  • New command for generating passwords: .pwd. Prints a password created by PasswordGenerator.
  • New command for creating new files: .add <name>. Copies the lines typed until the first new line. Substitutes *** with a password generated by PasswordGenerator.
  • New command for editing files in an external text editor, like nano or vim. .edit <editor>? command saves the current content into a temporary file, opens it in an editor, waits for it to exit and moves content from temporary file to the password file. When <editor> is not specified, tries to get it from the environment variable EDITOR.
  • New command .open <path> opens an encrypted password file from any location.
  • New command .rm deletes the opened file.
  • New command .rename <name> renames the opened file.
  • New command .archive sends the current file to the folder .archive. As this folder begins with ., the directory reader will not display this folder in the list of encrypted files. Archived files are checked when the tool starts and can be opened with .open.
  • New command .cc <name> copies value of a <name>: <value> pair to clipboard. For Windows and WSL clip.exe is used, pbcopy is for mac and xclip is for Linux. There are two shortcuts: .ccu for .cc user and .ccp for .cc password.

I've used this tool to review 450 of my passwords: update less secure passwords with strong ones, remove defunct services, archive not frequently used passwords.

An excellent example of how the chosen approach of relying on console tools and open standards has payed out: I've installed Termux on my new Android phone, added packages openssl , openssh, and git, cloned my passwords repository and decrypted the passwords file with openssl aes-256-cbc -d -salt -pbkdf2. Now I have all my passwords on the phone without any specific application that I'm bound to and I use the same console commands that I use on Windows and mac. It is actually quite cool!