A password manager for the sneakernet.
Sigil is a secure, PGP-backed password manager for your command line. It allows you to store your secrets inside an encrypted vault that can only be opened using your PGP key. You can also use it to store OTP generators and retrieve tokens whenever you like.
It is as resilient as text files: a Sigil vault is a plaintext TOML file that can be decrypted using any PGP implementation of your choice. This means your secrets will always remain at your disposal and under your control, even when your fancy, cloud-based password manager shuts down or you can't access/trust your phone. In fact, even if Sigil were to go away for whatever reason, your passwords would still be a mere `gpg --decrypt` away.
You could throw your vault in a git repository or on an FTP server (or even take your chances with Dropbox or Google Drive) and have your secrets sync across your devices, all with the peace of mind that they are safe. As a rule of thumb, wherever a file can go, so can your vault.
Releases are signed, as are single commits on this repository.
- Secure: as much as OpenPGP and your system
- Lasting: if text files are not going away, neither are your secrets
- Portable: syncs through the sneakernet
- Auditable: as open source software, you're free to inspect, audit and build Sigil on your own
Because it has been around for a (long) while, it is battle-tested and is available on many platforms. Plus, its implementation is a mission-critical piece of software that can rely on the experience of a community of experts.
It also has the advantage of being quite widespread, so it is safe to assume that a large chunk of the target audience already has, and is confident using, a PGP key.
Because they can easily be made unavailable by a malicious actor, or simply turn out to be less lasting than you thought and shut down, leaving you with a bunch of data in a proprietary format. Or maybe because in some jurisdictions they may be compelled to reveal metadata relating to your usage -- or worse, your secrets! -- or because you are not confident that such a leak couldn't just as well be caused by a bona fide implementation error.
There really isn't an answer here. `pass` is just as fine, but you may find it troublesome handling, moving and syncing its directory-based structure. In the end, Sigil follows the same philosophy of security and composability. Tab completion for password names is something that is not feasible using Sigil, though.
The principle behind two-factor authentication is combining something you know (a password, even though we're cheating here) and something you own (such as a phone). The thing here is that you own your PC just as much as your phone; it's even arguable that you may have (and be able to maintain) more control over your computer than over an easily stolen/reset/bricked/unlocked phone.
Furthermore, the chances of a successful remote attack and exfiltration of a PGP-encrypted file -- plus your private, somehow decrypted key -- against your computer should be pretty much the same as those of such an attack against your phone, so the issue really boils down to which device you feel more confident in physically protecting. There's no actual reason to outright prefer your phone over your PC.
If you want to be extra sure, you may also combine your vault with an external, FIDO2-like authenticator holding your PGP key.
Sigil relies on GPGME as provided by `libgpgme11-dev`, which is available on many Linux distros and should probably be already installed. In case it's missing, please install it.
To install the latest release of Sigil, use `sh -c "$(curl -sSL https://raw.githubusercontent.com/ALCC01/sigil/master/tools/install.sh)"`.
Please note that though release files are signed, this installer does not verify them; if you need that assurance, fetch the release and check its signature yourself before installing.
Sigil is currently developed using Rust 1.27; you can use rustup.rs to install it alongside Cargo.
To compile and install it, use `cargo install --git ssh://[email protected]/ALCC01/sigil`.
Make sure your `PATH` contains `$HOME/.cargo/bin`.
After the installation is over, there are other steps you may want to take to increase the usability and security of Sigil.
In your `.bashrc` file (or its equivalent for your shell of choice):
- Add `export SIGIL_VAULT="$HOME/.sigil.vault"` or whatever path you want your vault to be written to
- Add `export SIGIL_GPGKEY="[email protected]"` or pretty much anything that could be used as a `--recipient` with `gpg --encrypt`, hinting which key you're going to encrypt your vault with.
The following instructions will assume that you export these environment variables; otherwise you'll need to use the `--vault` and `--key` arguments.
You may also want to avoid your shell saving your password in its history when you provide it as a command line argument (using bash this is possible by adding `HISTIGNORE="$HISTIGNORE:sigil *"` to your `.bashrc` file). Keep in mind that this only keeps the command out of your history: a password passed as an argument is still visible to other local processes for as long as the command runs. If feasible, you may want to avoid using the CLI arguments altogether and rely on the interactive mode.
You can create your vault using `sigil touch`. And you're done.
You can store a password in your vault using the `sigil password add` command, either providing the relevant arguments (use the `--help` option for info) or providing none and following the interactive setup.
Retrieving your password is just as easy as using the `sigil password get <name>` command. Don't remember the name you assigned to the password? `sigil ls`.
`sigil password rm <name>` and then it's gone.
Sigil provides the `sigil password generate <chars>` utility command to generate random passwords of `chars` length.
You can store an OTP generator in your vault using the `sigil otp add` command, either providing the relevant arguments (use the `--help` option for info) or providing none and following the interactive setup.
You can generate an OTP token using `sigil otp token <name> <counter>`. `<counter>` is only needed for HOTP generators. Don't remember the name you assigned to the generator? `sigil ls`.
Many services will issue you an `otpauth://` URL (or its QR representation). You can import such a URL using `sigil otp import <url>`.
You can banish it out of existence using `sigil otp remove <name>`.
Please refer to CHANGELOG.md.
Sigil is distributed under the terms of the Mozilla Public License, v. 2.0.
Sigil - A password manager for the sneakernet
Copyright (C) 2018 Alberto Coscia <inbox [-at-] albertocoscia [-dot-] me>
This Source Code is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Mozilla Public License for more details.