Editing Password Manager

Epm is a simple password manager similar to others like pass and tpm. While being even simpler then most managers, it offers a few interesting features:

Relying on the path to the .gpg file, instead of just the name, allows the user to use regular tab-completion provided by the shell. Additionally, writing programs on top of epm is easier, as it is not required to strip the password-file from its extension and path.

Additionally, epm-menu provides an easy to use approach to select the correct password. Once selected, xdotool translates the password to a series of key presses, making it very easy to insert it into a password field.

Random passwords can be generated with the passgen tool.


Internally epm uses GPG with a simple asynchronous, self recipient encryption, for which it requires a gpg-key to be available. One can make one using gpg --gen-key. Please refer to GPG documentation for more details.

Epm consists of a single portable shell-script, which provides the basic functions:

For day-to-day usage, epm-menu is a very handy tool. It provides the user with a dmenu-driven menu, listing all the passwords stores under ${HOME}/.password-store. After the selection, the password is typed by xdotool, this is a simple and useful way of filling out password fields. There is no need for copying/pasting, nor can we paste the password multiple times by accident.


The source to epm (Depends on GPG):


TMP=`mktemp /dev/shm/XXXXXX`
cleanup () {
    rm -f ${TMP} 2> /dev/null
trap cleanup EXIT
umask 177

GPG_FLAGS="--quiet --yes --batch --default-recipient-self"

add () {

    if [[ -e "${passwdfile}" ]]; then
        echo "File already exists, use 'epm edit ${passwdfile}' to update it." 1>&2
        exit 1
        read -r passwd
        echo ${passwd} | gpg ${GPG_FLAGS} --encrypt --output ${passwdfile}
        edit ${passwdfile}

edit () {

    if [[ -z "${EDITOR}" ]]; then
        echo 'Please set $EDITOR to your editor and re-edit the file!' 1>&2
        exit 3

    if [[ -z ${update} ]]; then
        passwd=`showpass ${passwdfile}`
        read -r passwd

    gpg ${GPG_FLAGS} --decrypt ${passwdfile} | sed '1d' > ${TMP} &&
    ${EDITOR} ${TMP} < /dev/tty > /dev/tty &&
    (echo ${passwd}; cat ${TMP}) |
        gpg ${GPG_FLAGS} --output ${passwdfile} --encrypt

show () {
    gpg ${GPG_FLAGS} --decrypt ${1}

showpass () {
    show "$@" | head -n 1 | tr -d '\n'

case "${1}" in
    "add")      add      "${2}"       ;;
    "edit")     edit     "${2}" "${3}";;
    "show")     show     "${2}"       ;;
    "showpass") showpass "${2}"       ;;

The source to epm-menu (Depends on dmenu and xdotool):



# Remove prefix ./ and single . entry, remove trailing .gpg
entry=$(cd ${STORE}; find . |
    sed 's:^\./::' | sed '/^\.$/d' | sed 's:\.gpg$::' | dmenu)

epm showpass "${STORE}/$entry.gpg" | xdotool type --clearmodifiers --file -


Epm and epm-menu are trivial, and thus in public domain.