Home / Ruby / Security

jpm is a password manager using openssl and signify (and optionally xclip)

jpm is a password manager using openssl and signify (and optionally xclip). Technically, it doesn't have anything to do with passwords, it just manages encrypted and signed files.

jpm

jpm is a password manager using openssl and signify (and optionally xclip). Technically, it doesn't have anything to do with passwords, it just manages encrypted and signed files.

Requirements

jpm expects Ruby 2.6+ to be installed at /usr/local/bin/ruby. Adjust the shebang if Ruby is installed elsewhere. It does not work on Ruby versions before Ruby 2.6.

openssl and signify must be in the PATH. xclip must be in the PATH if using the clip command.

Usage 

# Create ~/.jpm directory structure and openssl and signify keys
jpm init

# Add Foo entry, opening editor, then asking for password to sign
jpm add Foo

# Displays Foo entry, asking for password to decrypt
jpm show Foo

# Lists entries
jpm ls
# Output:
# Foo

# Search for entry using case insensitive regular expression
jpm find f.o
# Output:
# Foo

# Verifies all entries have valid signatures
jpm verify

# Rotates secrets, decrypting files with the current secrets,
# and encrypting and signing the files with the new secrets.
# Asks for the password for current secret (to decrypt) and
# password for new secret (to sign).
jpm rotate

# Removes Foo entry
jpm rm Foo

# Add Bar entry, opening editor, then enter incorrect password
jpm add Bar 

# Sign Bar entry (so you don't need to enter plaintext again),
# asking for password to sign
jpm sign Bar 

# Rename Bar entry to Baz
jpm mv Bar Baz

# Copy first line of Baz entry to primary selection,
# asking for password to decrypt
jpm clip Baz

Environment Variables

JPM_DIR

The encrypted storage directory to use (defaults to ~/.jpm)

JPM_READ_PASS

Set to stdin to read password from stdin

History

jpm is based on opm by Robert Nagy: github.com/rnagy/opm

jpm follows the same basic approach as opm, using openssl smime to encrypt and decrypt and signify to sign and verify entries.

Differences between jpm and opm:

  • Removed features

    • No command aliases

    • No groups

    • Only options are -d and -h

    • No man page

  • Added features

    • init command to initialize secrets/directories

    • rotate command for secret rotation

    • clip command to copy first line of file to primary clipboard (using xclip)

    • sign command to sign after add fails due to password issue

    • mv command to rename entries

    • This README

  • Changed features

    • add always uses editor

    • verify reports entries without signatures

  • Uses same password for openssl and signify

    • Only enter password once

  • Written in ruby and not sh

    • Usable as a library

Author

Jeremy Evans <[email protected]>

Information
Category: Ruby / Security
Watchers: 1
Star: 8
Fork: 0
Last update: Jun 10, 2020

Contents
    Resource links
    https://github.com/jeremyevans/jpm
    Share this repo
    Most popular
    brunofacca Checklist of security precautions for Ruby on Rails applications.
    eliotsykes :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)
    ankane Modern encryption for Rails
    palkan Authorization framework for Ruby/Rails applications
    basecamp Sign in (or up) with Google for Rails applications
    kbsecret A secret manager backed by Keybase and KBFS.
    vonahisec This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.
    jeremyevans Freeze all core ruby classes
    metaware Underlock makes it dead simple to encrypt and decrypt your data and files. It comes with little to no dependencies and has a very small API surface.
    luolinae86 Ruby sensitive filter using DFA algorithm

    Related Repos


    Security
    748
    Authorization framework for Ruby/Rails applications
    palkan Action Policy Authorization framework for Ruby and Rails applications. Composable. Extensible. Performant. 📑 Documentation Resources RubyRussia, 2019 "Welcome, or access denied?" talk (video [RU],
     
    Security
    955
    Modern encryption for Rails
    ankane Lockbox 🔒 File encryption for Ruby and Rails Supports Active Storage and CarrierWave Uses AES-GCM by default for authenticated encryption Makes key rotation easy Check out this post for more info on securing se
     
    Security
    234
    This tool is used to map out the network data flow to help penetration testers identify po...
    vonahisec This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets
     
    Security
    8
    jpm is a password manager using openssl and signify (and optionally xclip)
    jeremyevans jpm is a password manager using openssl and signify (and optionally xclip). Technically, it doesn't have anything to do with passwords, it just manages encrypted and signed files.
     
    Security
    14
    CVE-2020-8163 - Remote code execution of user-provided local names in Rails
    sh286 CVE-2020-8163 - Remote code execution of user-provided local names in Rails
     
    Security
    30
    Ruby sensitive filter using DFA algorithm
    luolinae86 Ruby sensitive filter using DFA algorithm
     
    Security
    12
    Exports primitive and predefined GCP IAM Roles and their permissions
    darkbitio This repository fetches the ~550 primitive and predefined IAM Roles in JSON format to the roles directory. A GitHub Action is configured to refresh them daily. This allows for automatic tracking of changes as they are made by GCP.
     
    Security
    26
    Application-level encryption for Redis and Memcached
    ankane Encrypts keys, values, list elements, set members, and hash fields while still being able to perform a majority of operations 🎉