EqhoPass: Why I Built a Password Manager for Developers
As developers, we live and breathe security. We preach about strong passwords, two-factor authentication, and secure coding practices. Yet, many of us still rely on less-than-ideal password management solutions, or worse, reuse passwords across multiple services. I was guilty of this too. That's why I built EqhoPass, a CLI-first, encrypted, and Git-friendly password manager designed specifically for developers like you and me.
The Problem with Existing Solutions
Let's be honest, 1Password and Bitwarden are excellent password managers. They offer user-friendly interfaces, browser extensions, and mobile apps. However, they weren't quite the right fit for my workflow. Here's why:
- GUI-centric: As a developer, I spend a significant amount of time in the terminal. Switching to a GUI application just to retrieve a password felt disruptive and inefficient. I wanted a CLI tool that I could seamlessly integrate into my existing workflow.
- Limited Git Integration: While some password managers offer basic export functionalities, they lack native Git integration. I wanted a way to version control my passwords, track changes, and easily collaborate with my team on shared credentials (think staging vs. production environments).
- Cost (For Some Use Cases): While the cost is justifiable for many, I wanted a solution I could self-host and contribute to without ongoing subscription fees, especially for personal projects.
Enter EqhoPass: A Developer-Focused Approach
EqhoPass addresses these shortcomings by providing a CLI-first experience, robust Git integration, and a focus on local-first synchronization. It's designed to be lightweight, secure, and developer-friendly.
CLI-First Design
EqhoPass is primarily a command-line tool. This allows you to quickly retrieve passwords, generate new ones, and manage your credentials directly from your terminal. Here are some example commands:
# Initialize a new password store
eqhopass init
# Add a new password
eqhopass add my-website username password
# Retrieve a password
eqhopass get my-website password
# Generate a strong password
eqhopass generate --length 20
The CLI is designed to be intuitive and easy to use. You can even feed the output of eqhopass get into other commands through command substitution, such as ssh:
ssh "$(eqhopass get my-server username)@$(eqhopass get my-server host)"
Git-Friendly Storage
EqhoPass stores your encrypted password data in a simple directory structure. This directory can be easily version controlled using Git. This provides several benefits:
- Version History: Track changes to your passwords over time.
- Collaboration: Share credentials securely with your team by using Git branches and pull requests.
- Backup and Recovery: Easily restore your password store from a Git backup.
Here's how you can use Git with EqhoPass:
# Initialize a Git repository in your password store directory
git init
# Add and commit your password data
git add .
git commit -m "Initial commit of password store"
# Push your password store to a remote repository (e.g., GitHub, GitLab)
git remote add origin <your-remote-repository-url>
# Name the branch main in case your Git default branch is different
git branch -M main
git push -u origin main
Important Security Note: Git gives you version control and collaboration, but the repository must be private so that nobody else can obtain your encrypted password data. Anyone who holds a copy of the encrypted store can try master-password guesses against it offline, so use a private repository on GitHub, GitLab, or a self-hosted Git server.
Local-First Synchronization
EqhoPass uses a local-first approach. Your password data is stored locally on your machine and synced to other devices using Git. This ensures that you always have access to your passwords, even when you're offline. It also gives you greater control over your data and privacy.
Security Architecture: Under the Hood
Security is paramount when dealing with passwords. EqhoPass protects your data with authenticated encryption and a key derived from your master password:
- AES-256-GCM: All password data is encrypted using AES-256-GCM, a strong symmetric encryption algorithm. GCM (Galois/Counter Mode) provides authenticated encryption, which ensures both confidentiality and integrity of the data.
- PBKDF2: Your master password is used to derive an encryption key using PBKDF2 (Password-Based Key Derivation Function 2). PBKDF2 stretches the master password by hashing it together with a salt over many iterations, which makes every guess in a brute-force attack more expensive.
- Salt: A unique salt is generated for each password store. The salt is stored alongside the encrypted data and used during key derivation. This prevents attackers from using precomputed rainbow tables to crack your master password.
In short, your master password is used with PBKDF2 and a unique salt to create the encryption key. This key then encrypts your password data using AES-256-GCM.
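The chain summarized above (master password, PBKDF2 with a stored salt, then AES-256-GCM) as an added Go example; it is not EqhoPass's own code. The salt || nonce || ciphertext layout, the 16-byte salt, HMAC-SHA256 as the PBKDF2 hash, the 600,000 iteration count, and the names aeadFor, Seal and Open are assumptions, since the page specifies only the algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor runs PBKDF2-HMAC-SHA256 (one 32-byte block, stdlib only) and keys AES-256-GCM.
func aeadFor(master string, salt []byte, iter int) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(master))
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // U1 = HMAC(P, salt || INT(1))
	u := mac.Sum(nil)
	key := append([]byte{}, u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u) // Uj = HMAC(P, Uj-1)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j] // key = U1 xor U2 xor ... xor Uc
		}
	}
	block, _ := aes.NewCipher(key) // a 32-byte key selects AES-256 and cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// Seal returns salt(16) || nonce(12) || ciphertext+tag (assumed layout, not EqhoPass's format).
func Seal(master string, plaintext []byte, iter int) []byte {
	hdr := make([]byte, 28) // fresh random salt and GCM nonce for every write
	if _, err := rand.Read(hdr); err != nil {
		panic(err) // never encrypt without fresh randomness
	}
	return aeadFor(master, hdr[:16], iter).Seal(hdr, hdr[16:], plaintext, nil)
}
// Open re-derives the key from the stored salt; a wrong password or any changed byte fails the tag check.
func Open(master string, blob []byte, iter int) ([]byte, error) {
	if len(blob) < 28+16 {
		return nil, fmt.Errorf("blob shorter than salt+nonce+tag")
	}
	return aeadFor(master, blob[:16], iter).Open(nil, blob[16:28], blob[28:], nil)
}
func main() {
	blob := Seal("correct horse", []byte("s3cret"), 600000) // assumed iteration count
	_, err := Open("wrong guess", blob, 600000)
	fmt.Println("wrong master password rejected:", err != nil)
}
```

PBKDF2 is written out by hand here only to keep the example on the standard library; real code should call a maintained PBKDF2 implementation.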
How EqhoPass Differs From 1Password/Bitwarden
| Feature | EqhoPass | 1Password/Bitwarden |
|---|---|---|
| Primary Interface | CLI | GUI |
| Git Integration | Native, Git-friendly storage | Limited or None |
| Synchronization | Local-first, Git-based | Cloud-based |
| Hosting | Self-hosted | Cloud-hosted |
| Target Audience | Developers, CLI enthusiasts | General users |
Practical Examples
Let's say you need to store the credentials for your AWS account. You can use EqhoPass to do this:
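# Note: values passed as arguments are recorded in shell history and visible in the process list
eqhopass add aws access_key AKIAIOSFODNN7EXAMPLE
eqhopass add aws secret_key wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# The AWS CLI does not expand $(...) inside its configuration file, so export
# the credentials as environment variables in your shell instead:
export AWS_ACCESS_KEY_ID="$(eqhopass get aws access_key)"
export AWS_SECRET_ACCESS_KEY="$(eqhopass get aws secret_key)"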
Another example: Managing SSH keys. You can store the passphrase for your SSH key in EqhoPass and use it to automatically unlock your key when you need to use it.
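eqhopass add ssh_key passphrase your_ssh_key_passphrase
# ssh-add treats its arguments as key files, so it cannot take a passphrase from <(...).
# Instead, create an executable helper script (hypothetical path ~/bin/eqhopass-askpass) that runs:
#   eqhopass get ssh_key passphrase
# Then, in your .bashrc or .zshrc (requires OpenSSH 8.4 or later):
SSH_ASKPASS="$HOME/bin/eqhopass-askpass" SSH_ASKPASS_REQUIRE=force ssh-add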
Conclusion
EqhoPass is a password manager designed for developers who value the command line, Git integration, and local-first synchronization. It provides a secure and efficient way to manage your passwords directly from your terminal. While it might not be for everyone, if you're a developer looking for a more developer-centric password management solution, EqhoPass might be the perfect fit.
If you're interested in trying EqhoPass, you can find it here: https://bilgestore.com/product/eqhopass. Give it a try and let me know what you think!