LinuxQuestions.org


random_guy 03-27-2022 10:24 PM

Recommendations for a Password Manager on Slackware
 
I'm looking for recommendations for a stand-alone password manager for Slackware.

The most common I've seen around the web are:
- KeePassXC
- Buttercup
- Bitwarden
- LastPass

KeePass and LastPass are the only two I've heard about over the years but never used to date.

Any recommendations/comments would be greatly appreciated.

TIA

truepatriot76 03-27-2022 11:48 PM

I've used KeePass and KeePassXC - currently using the latter (on current). Both do the job. The one thing that I like about KeePassXC, and why I settled on it - it doesn't require mono.

ponce 03-28-2022 12:29 AM

password-store (homepage).

ozanbaba 03-28-2022 12:36 AM

I personally use Bitwarden [1]. It is good and has apps for major systems you can get. However, it is a client-server system and that's definitely not standalone.


[1] Actually I use an unofficial Rust implementation called vaultwarden. I run it on my server and access it from my machines. It is small and can use SQLite as DB, hence it is quite well fitting for small users like me.
https://github.com/dani-garcia/vaultwarden

pan64 03-28-2022 01:54 AM

You can easily try them. Or do you want to use what I like? (keepassxc)

uiopqwerty 03-28-2022 02:57 AM

I can't recommend password-store highly enough. Along with having a sane structure, having excellent autocompletion, and being effectively future-proof (password-store is basically a porcelain for gpg and git), it's also got a dmenu interface, a Firefox plugin, an Emacs package, third-party Android and iOS apps, and a host of community-maintained plugins - OTP, tomb, various tools to migrate passwords from other databases, the Firefox plugin as mentioned ... It leverages git for version control, so you can go back in time to see e.g. old removed passwords you didn't realise you still needed, and you can distribute your repository easily using the same tools you would with git. If you want to maintain a password manager on both your computer and phone without passing KeePass files around, this is a great way of doing it. I've had my password-store on my laptop, home server, and iPhone for about 3 years now.

I think the only thing that can really be said against it is that the database might leak metadata about your online profile, since the database is really just a directory structure under $HOME/.password-store with encrypted files named whatever you like - it effectively lists all your online accounts if you use it in that way, and anyone with a copy of these files can see this in plain text. There are plenty of ways to work around this though, including encrypting your HDD at rest and locking your computer when you're away from it, or by using pass-tomb to encrypt the entire database and only unlock it for time-limited intervals while you're using it. Also, although in principle it would work great for team-based arrangements since it's so easy to distribute, since it's really just a git repository you can't realistically revoke access for anyone, so I would never honestly suggest it for that. It's awesome for personal use though.

Edit: also I use KeePassXC at work just because I’ve been using it for 5+ years and it works very well, but as I mentioned it doesn’t lend itself to my own workflow with computer and mobile device

Richard Cranium 03-28-2022 03:06 AM

Quote:

Originally Posted by uiopqwerty (Post 6342058)
I can't recommend password-store highly enough.

I'm not quoting everything that you had written, but what you had written was enough for me to take a look. Thanks!

ponce 03-28-2022 03:11 AM

Quote:

Originally Posted by uiopqwerty (Post 6342058)
I think the only thing that can really be said against it is that the database might leak metadata about your online profile, since the database is really just a directory structure under $HOME/.password-store with encrypted files named whatever you like - it effectively lists all your online accounts if you use it in that way, and anyone with a copy of these files can see this in plain text. There are plenty of ways to work around this though

here I insert my online accounts (or others too) as multi-line (-m), with the name of the online service as the store ("Facebook", for example), the account name as the first line and the password as the second line: this way very little will leak if you publish the git repository somewhere public...
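
An added example, not part of the thread and not password-store's own code, showing what someone holding only a copy of the store directory can read without any key, which is the metadata point discussed in the posts above. The sample entries and the "identifying" heuristic (an `@` or a `service/account` sub-path in the entry name) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: what a copy of a password-store directory reveals without a key.
# Only file names are read, so gpg is not needed. Sample entries are constructed.

# List entry names the way they appear in the store: relative path minus ".gpg".
list_entries() {
    store=$1
    ( cd "$store" && find . -name .git -prune -o -type f -name '*.gpg' -print ) |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort
}

# Heuristic (assumption): a name is "identifying" when it carries more than a
# service name, i.e. an e-mail address or a service/account sub-path.
identifying_entries() {
    list_entries "$1" | grep -E '@|/' || true
}

# Summarise as "<identifying>/<total>" so the result is easy to compare.
audit_store() {
    total=$(list_entries "$1" | wc -l | tr -d ' ')
    leaky=$(identifying_entries "$1" | grep -c . || true)
    echo "$leaky/$total"
}

# Constructed store: two entries named after the account, one named after the
# service only (account name would live inside the encrypted multi-line body).
make_sample_store() {
    store=$1
    mkdir -p "$store/Email" "$store/Facebook"
    : > "$store/Email/alice@example.org.gpg"
    : > "$store/Facebook/alice.smith.gpg"
    : > "$store/Bank.gpg"
    : > "$store/.gpg-id"
}

demo=$(mktemp -d)
make_sample_store "$demo"
echo "Readable without decryption:"
list_entries "$demo"
echo "Entries whose name identifies an account: $(audit_store "$demo")"
rm -rf "$demo"
```

Pointing `list_entries` at a copy of a real store (for example a clone of its git repository) shows the same view a third party with that copy would have.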

knet 03-28-2022 03:23 AM

KeePassXC. Thanks for the password-store suggestions.

kjhambrick 03-28-2022 03:54 AM

Thanks all.

I've installed Alien Bob's keepassxc-2.6.6-x86_64-1alien.txz mostly for the keepass-cli

Looks like there is more to look at :)

-- kjh

Thom1b 03-28-2022 04:31 AM

I use KeePassXC, keepassxc-browser plugin for firefox, KeePass DX on Android.

uiopqwerty 03-28-2022 05:29 AM

Quote:

Originally Posted by ponce (Post 6342061)
here I insert my online accounts (or others too) as multi-line (-m), with the name of the online service as the store ("Facebook", for example), the account name as the first line and the password as the second line: this way very little will leak if you publish the git repository somewhere public...

I do something similar, and for me this arrangement is fine - honestly I treat my personal laptop as pure convenience, so if someone has my laptop and I’m logged in then my gpg-agent already has my password saved … otherwise they’re not going to be getting their hands on my keys or password, and I’m not too concerned about leaked metadata because it’s kept offline (some people use Gitlab or GitHub to store their password store, which with a strong key is safe enough I suppose but still feels insane to me even if you have a private repository - I just have it on any home server).

montagdude 03-28-2022 07:40 AM

Quote:

Originally Posted by ponce (Post 6342030)

This is what I use too. Only problem is that it relies on xclip to copy password to the clipboard, which doesn't work on Wayland. Anyone know if there is a solution to that?

0XBF 03-28-2022 11:05 AM

Quote:

Originally Posted by ponce (Post 6342061)
here I insert my online accounts (or others too) as multi-line (-m), with the name of the online service as the store ("Facebook", for example), the account name as the first line and the password as the second line: this way very little will leak if you publish the git repository somewhere public...

Yep, I also use password-store with multiline entries. I like to keep my security questions/answers in multiline entries for logins that require it also. When pulling passwords in something like firefox, only the password line gets auto-filled after unlocking the password-store entry. Still need to open a terminal to unlock it that way for viewing the other lines stored in the entry.

The 'generate' command is nice to produce secure passwords also.

0XBF 03-28-2022 11:13 AM

Quote:

Originally Posted by montagdude (Post 6342108)
This is what I use too. Only problem is that it relies on xclip to copy password to the clipboard, which doesn't work on Wayland. Anyone know if there is a solution to that?

It's supposed to use 'wl-clipboard' on wayland. I'm not sure if that's included in Slackware though.

You can see that the password-store.sh script checks if wayland is running and defaults to commands from wl-clipboard, if it's found on the system. This commit shows the relevant code: https://git.zx2c4.com/password-store...edf5938219a9b7

Edit: Doesn't appear to be in Slackware. I guess it could be added as an optional dependency to the slackbuilds.org build of password-store.


All times are GMT -5.