With the installation of mpw, pass becomes the most amazing credential manager I can think of.

Get the code

There is no debian package ready for mpw so it must be compiled.

From joe-devq I download the code:

git clone https://github.com/Lyndir/MasterPassword.git

I copy the source code to debian-10-dev (the template). So I start it and then from joe-devq:

qvm-copy MasterPassword # I choose debian-10-dev as target

Then I do the same with vault:

qvm-copy MasterPassword # I choose vault as target

I turn off the AppVM:

sudo shutdown -P 0

Template configuration

In debian-10-dev I install two required libraries:

# this is for Debian 10
sudo apt install libsodium23 libtinfo6

# this is for Debian 9
sudo apt install libsodium18 libtinfo5

I also install (see later why)

sudo apt install xclip

then I compile the source code:

cd MasterPassword/platform-indipendent/c/
./build

Output:

Building target: mpw...
INFO:     Enabled mpw_sodium (libsodium).
INFO:     Enabled mpw_color (libtinfo).
WARNING:  mpw_json was enabled but is missing json-c library.  Will continue with mpw_json disabled!
done!  You can now run ./mpw-cli-tests, ./install or use ./mpw

mpw_json is not necessary

If all goes well, the mpw binary is created and I can test it:

./mpw

If the command doesn’t throw errors, I move the binary:

sudo mv mpw /usr/bin/
sudo chmod +x /usr/bin/mpw

don’t move it to /usr/local/bin or it won’t show up in the joe-devq

I don’t shutdown the template because I still need it.

Vault setup

vault should be a Debian 9 and the libraries are already installed (from the Get started chapter)

I just need to compile mpw in the exact same way as above and move it to /usr/bin/

Additionally I need to copy risq to debian-10-dev:

qvm-copy ${HOME}/risks-scripts/appvm/risq # I choose joe-devq as target

At last

I power off the template (debian-10-dev):

sudo shutdown -P 0

and I start joe-devq

Usage

mpw is an algorithm for generating password. It takes some input arguments, the master password and it generates a random password.

This allows me to remember just one password for all my credentials.

Instead of saving my passwords in the first line of a pass-file (as by default)I write, instead, the entire mpw command-string used to generate the password.

Example:

mpw -q -t l -c 1 -a 3 -u joe@foo.bar www.reddit.com
---
domain: www.reddit.com
username: joe@foo.bar
url: https://www.reddit.com

Of course I don’t write the master password inside the file.

From vault

When I want to retrieve the password for reddit.com I do:

risks open identity ${IDENTITY}
$(pass reddit.com | head -n 1)

mpw prompts for the master password and I get the password displayed in the terminal.

From AppVM

I prefer to obtain my credentials directly in the terminal of the AppVM that I’m using and I use risq for this.

this works only if the AppVM is configured for pass-split!

risq pass reddit.com

it asks for the master password (and the GPG passphrase if the access has timeout) and this the output:

domain: www.reddit.com
username: joe@foo.bar
url: https://www.reddit.com

Password has been saved in clipboard
Press CTRL+V to use the content in this qube
Press CTRL+SHIFT+C to share the clipboard with another qube
In the other qube, press CTRL+SHIFT+v and then CTRL+V to use the clipboard content
Local clipboard will be erased is 45 seconds

The nice part is that I get the password copied in the clipboard and not displayed on the screen.