fraggle/PassAGE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
PassAGE is a command-line password manager that uses AGE (Actually Good Encryption) for secure password storage.
12 Commits 1 Branch 0 Tags 101 KiB
Go 97.2%
Makefile 2.8%
c6e3c35a80
Go to file
fraggle c6e3c35a80 Change default install directory to /usr/bin 
- Update Makefile PREFIX default from /usr/local to /usr
- Update INSTALL.md uninstall instructions to reflect /usr/bin
2026-01-11 19:07:34 -04:00
.gitignore Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
backup.go Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
clipboard.go Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
commands.go Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
CONTRIBUTING.md Clean up unnecessary comments and references 2026-01-11 19:04:42 -04:00
go.mod Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
go.sum Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
INSTALL.md Change default install directory to /usr/bin 2026-01-11 19:07:34 -04:00
LICENSE Initial commit 2026-01-11 18:46:24 -04:00
main.go Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
Makefile Change default install directory to /usr/bin 2026-01-11 19:07:34 -04:00
memory.go Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
passage.1.md Remove repository URLs and fix CI comments 2026-01-11 19:00:53 -04:00
README.md Clean up unnecessary comments and references 2026-01-11 19:04:42 -04:00
security.go Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
SECURITY.md Initial commit: PassAGE password manager 2026-01-11 18:48:01 -04:00
store.go Clean up unnecessary comments and references 2026-01-11 19:04:42 -04:00

README.md

PassAGE

A modern password manager using AGE encryption.

Quick Links: InstallationQuick StartCommandsSecurityContributing

Features

  • AGE encryption: Uses AGE (Actually Good Encryption) for secure password storage
  • Master password model: Single password protects all stored passwords
  • Git integration: Optional git repository support for version control
  • Command-line interface: Simple, intuitive commands
  • Linux/Unix: Designed for Linux and Unix-like systems
  • Clipboard support: X11 and Wayland clipboard integration
  • Secure password generation: Cryptographically secure random password generation

Installation

Prerequisites

  • Go 1.21 or later - Required for building
  • Linux/Unix system - Designed for Unix-like operating systems
  • pandoc or go-md2man (optional) - For building manpages
  • xclip or wl-clipboard - For clipboard support (X11/Wayland)

Build from Source

# Download dependencies
go mod download

# Build
go build -o passage .

# Or use Makefile
make build

Installation:

# System-wide installation
sudo make install

# User installation (no sudo required)
make install-user

Or install directly with go:

go install <repository-url>@latest

Build Options

For production builds, you may want to use additional flags:

# Build with version information
go build -ldflags "-X main.version=$(git describe --tags --always --dirty)" -o passage

# Build with trimmed paths (for reproducible builds)
go build -trimpath -o passage

# Build with race detector (for testing)
go build -race -o passage

# Build optimized binary (smaller, faster)
go build -ldflags "-s -w" -trimpath -o passage

Build flags explained:

  • -ldflags "-X main.version=..." - Inject version information at build time
  • -trimpath - Remove file system paths for reproducible builds
  • -race - Enable race detector (for debugging concurrency issues)
  • -ldflags "-s -w" - Strip debug symbols and disable DWARF generation (smaller binary)

Install Binary

Pre-built binaries may be available from the releases page.

Quick Start

1. Initialize the password store

Initialize the password store with a master password:

passage init

This will prompt you to:

  • Enter a master password (used to encrypt/decrypt all passwords)
  • Confirm the master password

The master password is required for all operations.

2. Add a password

passage insert example.com

3. Retrieve a password

passage show example.com

4. Generate a password

passage generate example.com 32

Usage

Commands

  • passage init [--path=subfolder] - Initialize password store with master password
  • passage [ls] [subfolder] - List passwords
  • passage find pass-names... - Find passwords by name
  • passage [show] [--clip[=line-number]] pass-name - Show password
  • passage grep search-string - Search within passwords
  • passage insert [--multiline] [--force] pass-name - Insert password
  • passage edit pass-name - Edit password
  • passage generate [--no-symbols] [--clip] [--in-place | --force] pass-name [pass-length] - Generate password
  • passage rm [--recursive] [--force] pass-name - Remove password
  • passage mv [--force] old-path new-path - Move/rename password
  • passage cp [--force] old-path new-path - Copy password
  • passage git git-command-args... - Run git commands
  • passage help - Show help
  • passage version - Show version

Environment Variables

passage respects the following environment variables:

  • PASSAGE_DIR - Path to password store (default: ~/.passage-store)

    export PASSAGE_DIR=~/my-passwords

  • PASSAGE_CLIP_TIME - Time in seconds to keep password in clipboard before auto-clearing (default: 10)

    export PASSAGE_CLIP_TIME=30  # Keep in clipboard for 30 seconds

  • PASSAGE_GENERATED_LENGTH - Default length for generated passwords (default: 25)

    export PASSAGE_GENERATED_LENGTH=32  # Generate 32-character passwords by default

  • EDITOR - Editor to use for passage edit command (default: vi)

    export EDITOR=nano  # Use nano instead of vi

Note: For complete documentation of all environment variables, see the manpage or run man passage after installation.

Git Integration

Initialize git repository:

passage git init

All password operations automatically commit to git (if initialized).

Security

IMPORTANT: PassAGE uses a master password model. Every operation requires the master password set during passage init.

Quick Security Overview

  • Master password: Single password protects all stored passwords (never stored in plaintext)
  • AGE Scrypt encryption: Industry-standard passphrase encryption
  • Argon2id verification: Master password verified using Argon2id hash (memory-hard, resistant to brute force)
  • File permissions: Store directory uses 0700, sensitive files use 0600

Best Practices

  1. Choose a strong master password (it cannot be recovered if forgotten)
  2. Use full disk encryption
  3. Back up your password store directory
  4. See SECURITY.md for detailed security information

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

Documentation

  • INSTALL.md - Detailed installation instructions and troubleshooting
  • SECURITY.md - Security implementation details
  • CONTRIBUTING.md - How to contribute to the project
  • Manpage - Run man passage after installation (source: passage.1.md)

Project Structure

PassAGE/
├── main.go              # Entry point, command routing
├── commands.go          # Command implementations
├── store.go             # Core store operations
├── security.go          # Security utilities (path validation, etc.)
├── memory.go            # Secure memory management
├── clipboard.go         # Clipboard operations (Linux X11/Wayland)
├── backup.go            # Backup/restore functionality
├── go.mod               # Go module definition
├── Makefile             # Build and install targets
├── passage.1.md         # Manpage source
└── *.md                 # Documentation files

License

This project uses AGE encryption. See LICENSE file for details.