Untitled

a guest
Mar 10th, 2016
  1. # Add more functionality to PasswordSafe CLI
  2.  
  3. 1. New Actions
  4. 2. Multi-safe operations
  5.  
  6. ## 1. New Actions
  7.  
  8. #### Create a new safe
  9.  
  10. pwsafe-cli newsafe.psafe3 --new
  11.  
  12. newsafe.psafe3 must not exist.
  13.  
  14. #### Search for an entry
  15.  
  16. pwsafe-cli mysafe.psafe3 --search='Group=Banks,Title=Citibank'
  17.  
  18. Search is a read-only operation. It would print the Group, Title & User of matching entries on stdout, which are usually enough to distinguish each entry.
  19.  
  20. #### Add a new entry
  21.  
  22. pwsafe-cli newsafe.psafe3 --add title='NewEntry' user='newuser' password='secret'...
  23.  
  24. // Perhaps it would be better to have a uniform way of specifying parameters, e.g.,
  25. // pwsafe-cli mysafe.psafe3 --add='Group:Forums,Title:AVSForum,email:me@newmail.com,password=secret'
  26. // Password could be autogenerated if unspecified?
  27. // Error if entry exists?
  28.  
  29. #### Delete an existing entry
  30.  
  31. pwsafe-cli newsafe.psafe3 --select='Group:Forums,title:AndroidForum' --delete [--yes]
  32.  
  33. Would prompt for confirmation if the input is a terminal, unless --yes is specified. If invoked by another process, --yes must be passed or else it would result in a no-op.
  34. // Error if > 1 entries match
  35.  
  36. #### Update an existing entry
  37.  
  38. pwsafe-cli mysafe.psafe3 --select='Group:Forums,Title:AVSForum' --update=email:me@newmail.com
  39.  
  40. The entry must exist. This doesn't create a new entry.
  41.  
  42. #### Print some field(s) of an existing entry
  43.  
  44. pwsafe-cli mysafe.psafe3 --select='Group:Forums,Title:AVSForum' --print=password
  45.  
  46. It is an error if the entry is not found; pwsafe-cli would exit with an error code. However, it's not an error if the field is not set or is set to an empty value (in which case pwsafe-cli would print nothing).
  47.  
  48. More details on entry selection and actions below.
  49.  
  50.  
  51. ## 2. Multi-safe operations
  52.  
  53.  
  54. ### Diff
  55.  
  56. pwsafe-cli mysafe.psafe3 --diff othersafe.psafe3 [-u|-c|-s] [--diffprog=<path>]
  57.  
  58. Show a unified (default), context or side-by-side diff, or just hand it over to an external program like vimdiff.
  59.  
  60. ### Sync
  61.  
  62. pwsafe-cli mysafe.psafe3 --sync [-n] othersafe.psafe3 [--confirm]
  63.  
  64. Update entries of mysafe.psafe3 with matching entries from othersafe.psafe3, wherever they differ. Entries in othersafe.psafe3 that don't exist in mysafe.psafe3 are ignored.
  65.  
  66. --confirm prompts before making each change with yes,no,no-to-all,yes-to-all,quit,abort options.
  67.  
  68. // --dryrun?
  69.  
  70. ### Merge
  71.  
  72. pwsafe-cli mysafe.psafe3 --merge [-n] othersafe.psafe3 --mine|--other|--confirm
  73.  
  74. (-n for dry-run, to print out the changes without modifying mysafe.psafe3)
  75.  
  76. --confirm prompts before making each change for which value to prefer (--mine=mysafe, --other=othersafe), along with all-mine,all-other,quit,abort options.
  77.  
  78. ## 3. Other mechanisms for safe password input
  79.  
  80. ### From an environment variable
  81. // I *really* don't think we should do this. It's a security hole waiting to be exploited...
  82. export PASSWORDSAFE_PASSWORD=mysecret
  83.  
  84. pwsafe-cli mysafe.psafe3 --combination-env=PASSWORDSAFE_PASSWORD --select='Title:ebay' --view
  85.  
  86. This idea is from ipmitool, which works somewhat like that.
  87.  
  88. ### From a keyring (if possible, like on OSX)
  89.  
  90. The keyring manager should prompt the user to allow/disallow specific apps from accessing the password.
  91.  
  92. pwsafe-cli mysafe.psafe3 --combination-keyring --select='Group:Forums,Title:AVSForum' --print=notes
  93.  
  94. ### From a file descriptor
  95.  
  96. An application that has access to a safe's combination might want to launch pwsafe-cli and pass the combination to it *securely*. Passing the safe combination as a command-line parameter has the security issue that the combination could be visible in the output of the `ps` command. Instead, the parent application could create an fd and fork pwsafe-cli such that pwsafe-cli inherits it. The combination can then be securely written to and read from the fd by the parent application and pwsafe-cli respectively.
  97.  
  98. pwsafe-cli mysafe.psafe3 --combination-fd=5 --select='Title:SomeTitle' --autotype
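
The parent side of the file-descriptor hand-off described above, as an added example that is not part of the original paste or of PasswordSafe. Since `--combination-fd` is only proposed here, a small inline Python child (hypothetical) stands in for pwsafe-cli; it reads the inherited descriptor and reports whether the secret appeared in its own argument list.

```python
import os
import subprocess
import sys

# Stand-in for pwsafe-cli: --combination-fd is only proposed on this page, so
# this child script (hypothetical) reads the inherited descriptor instead.
CHILD = r"""
import os, sys
opt = next(a for a in sys.argv if a.startswith("--combination-fd="))
with os.fdopen(int(opt.split("=", 1)[1]), "rb") as f:
    secret = f.read()                      # returns once the parent closes its end
leaked = any(secret.decode() in a for a in sys.argv)
print(len(secret), leaked)                 # never echo the secret itself
"""

def run_with_combination_fd(combination: bytes):
    """Launch the child with the combination on a pipe, not on the command line.

    Returns (bytes received by child, secret seen in child's argv?, argv used).
    """
    r, w = os.pipe()                       # non-inheritable by default (PEP 446)
    argv = [sys.executable, "-c", CHILD, "mysafe.psafe3",
            f"--combination-fd={r}", "--select=Title:SomeTitle"]
    try:
        # pass_fds keeps exactly this descriptor open in the child, same number
        proc = subprocess.Popen(argv, pass_fds=(r,),
                                stdout=subprocess.PIPE, text=True)
    except BaseException:
        os.close(w)
        raise
    finally:
        os.close(r)                        # parent only needs the write end
    try:
        os.write(w, combination)
    finally:
        os.close(w)                        # EOF marks the end of the secret
    out, _ = proc.communicate(timeout=10)
    if proc.returncode != 0:
        raise RuntimeError("child failed to read the combination")
    length, leaked = out.split()
    return int(length), leaked == "True", argv

if __name__ == "__main__":
    # Constructed sample value, not a real combination
    n, leaked, argv = run_with_combination_fd(b"constructed-combination")
    print(f"child read {n} bytes; secret in argv: {leaked}")
```

Only the descriptor number appears in the process list; every other descriptor the parent holds stays closed in the child because `pass_fds` is an allow-list.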
  99.  
  100. ## Selecting safe entries
  101.  
  102. The "select" argument essentially specifies the EXACT value of any field in the database. The field must be one of the known valid field types, which are:
  103.  
  104. 1. Group
  105. 2. Title
  106. 3. User
  107. 4. Password
  108. 5. URL
  109. 6. E-Mail
  110. 7. Notes
  111. 8. Autotype
  112. 9. Run Command
  113. 10. DCA & Shift-DCA
  114.  
  115. Multiple fields can be specified, but typically it would be Title, sometimes in combination with User. Selecting entries by partial matching is not supported, to prevent accidental overwriting/deletion of a wrong entry. However, entries can be searched for by supplying a partial value for one of their fields, which is a read-only operation. All matching entries would be printed, and the desired entry can be selected exactly in the next command for any modifications.
  116.  
  117. **Any operation whose '--select=' clause results in multiple matches would fail.**
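
A sketch of the selection rules above, as an added example rather than PasswordSafe code: `search` does the read-only partial match, while `select` demands an exact match on every field and refuses to proceed unless exactly one entry qualifies. The function names, the dictionary layout, the use of `:` as the separator for both operations and the `email` alias are assumptions.

```python
# Field names from the list above, lower-cased; accepting "email" as an alias
# for "E-Mail" (the page's examples use it) is an assumption.
FIELDS = {"group", "title", "user", "password", "url", "e-mail", "email",
          "notes", "autotype", "run command", "dca", "shift-dca"}

class SelectError(Exception):
    """Raised when a clause is malformed or does not identify exactly one entry."""

def parse_clause(clause):
    """Turn 'Group:Forums,Title:AVSForum' into {'group': 'Forums', 'title': 'AVSForum'}."""
    criteria = {}
    for part in clause.split(","):
        name, sep, value = part.partition(":")
        key = name.strip().lower()
        if not sep or key not in FIELDS:
            raise SelectError(f"unknown or malformed field: {part!r}")
        criteria[key] = value
    return criteria

def search(entries, clause):
    """Read-only partial match; returns (Group, Title, User) for every hit."""
    crit = parse_clause(clause)
    return [(e.get("group", ""), e.get("title", ""), e.get("user", ""))
            for e in entries
            if all(v in e.get(k, "") for k, v in crit.items())]

def select(entries, clause):
    """Exact match on every field; zero or several hits abort the operation."""
    crit = parse_clause(clause)
    hits = [e for e in entries if all(e.get(k) == v for k, v in crit.items())]
    if len(hits) != 1:
        raise SelectError(f"{len(hits)} entries match {clause!r}; refusing to act")
    return hits[0]

# Constructed sample safe contents
SAFE = [
    {"group": "Forums", "title": "AVSForum", "user": "me"},
    {"group": "Forums", "title": "AndroidForum", "user": "me"},
    {"group": "Banks", "title": "Citibank", "user": "alice"},
    {"group": "Banks", "title": "Citibank", "user": "bob"},
]

if __name__ == "__main__":
    print(search(SAFE, "Title:Forum"))               # both forum entries
    print(select(SAFE, "Title:Citibank,User:bob"))   # exactly one entry
```

Field values containing `,` or `:` cannot be expressed in this clause syntax, so a real implementation would need an escaping rule.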
  118.  
  119. ## Actions on selected entries
  120.  
  121. Possible actions are as follows. They could take a valid field name and a valid value for that field, depending on the semantics of
  122. that action.
  123.  
  124. _Both field name and a valid value are required_
  125.  
  126. #### 1. Update
  127.  
  128. pwsafe-cli mysafe.psafe3 --select='Title:Amazon' --update='email:me@newmail.com'
  129.  
  130. _Only the fieldname is required_
  131.  
  132. #### 2. Copy to clipboard (only if X is running)
  133.  
  134. pwsafe-cli mysafe.psafe3 --select='Title:Github' --to-clipboard='password'
  135. // Would be nice to be able to do this without linking in any X windows library.
  136.  
  137. #### 3. Delete
  138.  
  139. pwsafe-cli mysafe.psafe3 --select='Title:SourceForge' --delete='URL'
  140.  
  141. _No fieldname or field value are required for these_
  142.  
  143. #### 4. Generate new password
  144.  
  145. pwsafe-cli mysafe.psafe3 --select='Title:Hotmail' --generate-new-password
  146.  
  147. #### 5. Autotype
  148.  
  149. pwsafe-cli mysafe.psafe3 --select='Title:Gmail' --autotype
  150. // How would this work on a CLI version??
  151.  
  152. #### 6. Run Command
  153.  
  154. pwsafe-cli mysafe.psafe3 --select='Title:HomeNAS' --run-command
  155.  
  156. #### 7. View (dump all fields. May be in some parseable format like JSON, YAML?)
  157. // I'd call this 'export', and specify format from text and XML - trivial. JSON/YAML should be simple to add.
  158. pwsafe-cli mysafe.psafe3 --select='Title:Netflix' --view
  159.  
  160. #### 8. Clear Password History
  161.  
  162. pwsafe-cli mysafe.psafe3 --select='Title:Atlassian' --clear-pw-history