DIY Encrypted Password Vault

published on 2009-03-30 in computing, howto

This is something I've needed at various jobs/situations for years... a place to store the root/router/database/web passwords that only I can see. There are a lot of desktop/handheld apps for this but I always feel like I could lose the computer/handheld that it's on and I'd be boned. I'd rather have something I can stick on a server somewhere and access via a remote shell... or carry it around on a thumb drive. Here are the scripts:

encrypt.sh

#!/bin/sh
# Encrypt NAME.txt to NAME.bf (Blowfish-CBC, base64 output), then delete the plaintext.
openssl bf -a -salt -in "$1.txt" -out "$1.bf" && rm -v "$1.txt"

decrypt.sh

#!/bin/sh
# Decrypt NAME.bf and print the plaintext to stdout (nothing is written to disk).
openssl bf -a -d -salt -in "$1.bf"

To use it, create a file named blah.txt that has your secret info in it. Run the encrypt script first:

$ ./encrypt.sh blah
enter bf-cbc encryption password:
Verifying - enter bf-cbc encryption password:
removed `blah.txt'

It encrypts blah.txt to blah.bf and removes the plaintext file. Check the contents of the encrypted file:

$ cat blah.bf
U2FsdGVkX1/+ZGiXPSZX8MED9aXrm1NfIEjpv5vvFKo=

The output is base64 encoded (that is what the -a flag does), so you can email it to yourself for safekeeping if you so choose.

To decrypt for reading:

$ ./decrypt.sh blah
enter bf-cbc decryption password:
secret host: secret password
secret host2: secret password2

Now take the encrypted output file and the 2 scripts, email them to yourself and store a copy on a thumb drive. :)
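
A hardened variant of the two scripts, as an added example that is not part of the original post: it replaces bf, which OpenSSL 3.x only offers through its legacy provider, with AES-256-CBC and PBKDF2 key derivation, and deletes the plaintext only after a decrypt round trip matches it. It assumes OpenSSL 1.1.1 or newer; the function names, the .enc suffix, the VAULT_PASS variable and the iteration count are choices made for this example.

```shell
#!/bin/sh
# Added example, not the original scripts. Source it, then call the functions.
# Assumes OpenSSL 1.1.1+ (for -pbkdf2 / -iter). The names, the .enc suffix,
# VAULT_PASS and the iteration count are choices made for this sketch.

# Both directions must use identical options: the file stores only the salt,
# not the cipher, digest or iteration count.
VAULT_OPTS="-aes-256-cbc -pbkdf2 -iter 600000 -md sha256 -salt -a"

# Prompt on the terminal unless VAULT_PASS is exported (used for scripting).
vault_pass() {
    if [ -n "${VAULT_PASS+set}" ]; then echo "-pass env:VAULT_PASS"; fi
}

# vault_decrypt NAME: write the plaintext of NAME.enc to stdout.
vault_decrypt() {
    [ -r "$1.enc" ] || { echo "cannot read $1.enc" >&2; return 1; }
    # Word splitting of the option strings is intended.
    openssl enc -d $VAULT_OPTS $(vault_pass) -in "$1.enc"
}

# vault_encrypt NAME: encrypt NAME.txt to NAME.enc, verify, then delete NAME.txt.
vault_encrypt() {
    [ -s "$1.txt" ] || { echo "$1.txt is missing or empty" >&2; return 1; }
    # Subshell keeps the restrictive umask from leaking into the caller.
    ( umask 077
      openssl enc $VAULT_OPTS $(vault_pass) -in "$1.txt" -out "$1.enc" ) || return 1
    # Remove the plaintext only if decrypting reproduces it byte for byte.
    if vault_decrypt "$1" | cmp -s - "$1.txt"; then
        rm -- "$1.txt"
    else
        echo "round-trip check failed; keeping $1.txt" >&2
        rm -f -- "$1.enc"
        return 1
    fi
}
```

Note that rm only unlinks the file, so on a thumb drive or a journaling filesystem the plaintext blocks may remain recoverable.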

Tags: sysadmin encryption howto