2011/08/15

Password management with TrueCrypt and Dropbox

Maintaining passwords for multiple servers across multiple development environments is a pain. A few weeks back there was a downed service on one of my servers and I was at a computer without my passwords and hosts files. The debugging session that followed required hopping through multiple servers and in general took a lot longer than it should have.

I decided to use Dropbox and TrueCrypt to set up a secure password file that was synchronized across all of my environments. The setup for both is dirt simple. I created a 10 MB encrypted file called SAFEFILE in my Dropbox, then added a passwords.txt to it.

Then I evolved some code a friend threw my way for generating passwords. Creating a password, storing it directly in my passwords.txt file, and retrieving it are now a snap. The functions copy the password directly to the clipboard for easy pasting.

Adding my other dotfiles to my Dropbox and symlinking them to my home directory keeps me standard across any environment I use.

Generate a random string 30 chars long for test.account:

# generates a password like: ole2iUmIGwDxtC9xVqPZiEr34ZJVwD
jmooberry@local ~ : genpass 30 test.account
password added to passwords.txt as test.account
password copied to clipboard.

Grab the password for test.account:

jmooberry@local ~ : getpass test
password for (test.account) copied to clipboard.

.profile helper functions:

# password generator
# Usage: genpass 30 test.account.name
function genpass() {
    local file="/Volumes/SAFEFILE/passwords.txt"
    local length=30
    if [ $# -ne 0 ]; then
        length=$1
    fi
    # keep only word characters ([A-Za-z0-9_]) from the random stream
    local pass=$(< /dev/random strings \
        | perl -pe 's/\W//g;' \
        | head -c "$length"
    )
    echo -n "$pass" | pbcopy
    # with a second argument, also append "name<TAB>password" to the file
    if [ $# -eq 2 ]; then
        # stop here if the append fails (e.g. the volume is not mounted)
        echo -en "\n$2\t$pass" >> "$file" || return 1
        echo "password added to passwords.txt as $2"
    fi
    echo "password copied to clipboard."
}

# password grabber
# Usage: getpass test.account.name
function getpass() {
    local file="/Volumes/SAFEFILE/passwords.txt"
    # $1 is a grep pattern, so a partial name such as "test" matches test.account
    local pass=$(grep -- "$1" "$file" | perl -pe 's/.+?(\w+)$/$1/;')
    local name=$(grep -- "$1" "$file" | perl -pe 's/(.+?)\s+\w+$/$1/;')
    echo -n "$pass" | pbcopy
    echo "password for ($name) copied to clipboard."
}

# it's important: genpass and getpass need the TrueCrypt volume mounted.
if [ ! -d "/Volumes/SAFEFILE" ]; then
    echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
    echo "TRUECRYPT DIRECTORY NOT MOUNTED!!!"
    echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
fi
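
An added example, not part of the original post: a stricter lookup for the same name<TAB>password file that matches the account name literally and refuses to return anything when more than one entry matches. The name lookup_pass, the file argument, and the sample entries are assumptions; it prints the password instead of calling pbcopy so it runs on any system.

```shell
# lookup_pass FILE NAME   (hypothetical helper, not from the original post)
# Prints the password of the one entry whose name equals or contains NAME.
# Returns: 0 found, 1 no match, 2 ambiguous, 3 file unreadable (not mounted).
lookup_pass() {
    if [ ! -r "$1" ]; then
        echo "password file not readable (is the volume mounted?)" >&2
        return 3
    fi
    [ -n "$2" ] || return 1
    # NAME is passed through the environment so awk does not process escapes.
    # index() is a literal substring test: "." is not a wildcard here.
    WANT=$2 awk -F '\t' '
        NF < 2 { next }                      # skip blank or malformed lines
        $1 == ENVIRON["WANT"]      { exact = $2; n_exact++ }
        index($1, ENVIRON["WANT"]) { part = $2;  n_part++ }
        END {
            if (n_exact == 1) { print exact; exit 0 }   # exact name wins
            if (n_exact > 1)  { exit 2 }
            if (n_part == 1)  { print part; exit 0 }
            if (n_part > 1)   { exit 2 }
            exit 1
        }
    ' "$1"
}

# Constructed sample data in the post's format (not real credentials).
demo=$(mktemp)
printf '\ntest.account\tSamplePass0001\ntestXaccount\tSamplePass0002' > "$demo"
lookup_pass "$demo" test.account   # exact name, one entry is printed
lookup_pass "$demo" test || echo "rc=$? (ambiguous, nothing printed)"
rm -f "$demo"
```
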