pasejo

pasejo (esperanto for passage) is a re-implementation of passage. It uses age keys for encryption and decryption, stores all your passwords locally, and offers a simple command line interface.

It saves all your secrets in one single encrypted file, and has built-in support to synchronize with a remote repository using Git, Mercurial, or Pijul.

NOTE: pasejo relies on the age crate which itself is in beta and not intended for production use. Therefore, this project is not intended for production use either. Use at your own risk.

Installation

You can install pasejo using cargo:

$ cargo install pasejo

Alternatively, you can download the latest version from the release page and extract the archive. The binary is named pasejo and can be run directly from the extracted folder.

Concepts

Store

A store is an encrypted file that contains the secrets and recipients. You can create multiple stores to organize your secrets. Each store is encrypted with the keys of the registered recipients. You can decrypt stores with a matching identity file.

Identity

An identity is a private key used to decrypt stores. You can add multiple identities for different stores. Identities can be used for multiple stores as well as registered globally for all stores.

Recipient

A recipient is a public key used to encrypt stores. You can add multiple recipients for different stores.

Secret

A secret is an arbitrary text stored in a store. You can add, remove, and list secrets in a store. Secrets are encrypted with the keys of the registered recipients. You can decrypt secrets with a matching identity file.

Usage

Add a new store to your configuration first:

$ pasejo stores add --path path/to/store --name some-name

Add an age identity file to your store:

$ pasejo identity add --file path/to/age/private/key

Add an age recipient file to your store:

$ pasejo recipient add --file path/to/age/public/key

Add a new secret to your store:

$ pasejo secret add some-secret

Show a secret in your store:

$ pasejo secret show some-secret

See pasejo help for more details.

How-to guides

Create age identity files

You can create age identity files using the age-keygen command line tool. For example, to create a new identity file, run:

$ age-keygen --output path/to/age/private/key

This will create a new identity file at the specified path. You can then use this file to decrypt stores.

Create age recipient files

You can create age recipient files using the age-keygen command line tool. For example, to create a new recipient file, run:

$ age-keygen -y > path/to/age/public/key < path/to/age/private/key 

This will create a new recipient file at the specified path. You can then use this file to encrypt stores.

Use SSH keys

The age crate supports SSH keys as well. You can re-use existing SSH keys as identity and recipient files. For example, to add an SSH key as an identity file, run:

$ pasejo identity add --file ~/.ssh/id_rsa --store some-name

To add an SSH key as a recipient file, run:

$ pasejo recipient add --file ~/.ssh/id_rsa.pub --store some-name

Alternatives

In case you are looking for something different, try these:

• passage
• pass
• pago
• pa
• kbs2
• seniorpw
• trespas
• gopass