Grumpy Gamer

You might be interested in Bitwarden. It offers a self-hosting option, which I recognize is somewhat annoying, but a super cheap basic-tier VPS is enough to run it comfortably, and you don't lose the convenience of extensions/etc. You could even run it locally in Docker if you don't care about shared access.

Oh, and it does have a command line interface!

Ron, now that you're on a Linux machine, I strongly recommend you switch to KeePassXC. It's free and multiplatform: https://keepassxc.org/download/

Then there's https://buttercup.pw/ and several others. There's an article addressing password managers for Linux here:  https://www.fossmint.com/linux-password-managers/

Thanks!

I use the password app of my Nextcloud installation. Browser integration with Firefox and Chrome is good and if I have to access the passwords from an unsupported system I can just open the webclient.
It's running on my own server  so I don't have to trust some third party to keep their promises. And I get the benefits of runnig it in the cloud.

BTW: Your blog seems to be missing a title-tag.

I've yet to see a password manager that is usable and "impressive". I work at the Max Planck Society and KeePassXC is being used by many people at many of our institutes, simply because it is free and available on all major platforms. It seems to be the most viable option, especially on Linux.

The best "enterprise-level" commercial application for that purpose that I have seen, unfortunately,  is extremely expensive and requires a Windows Server: Mateso Password Safe. https://www.passwordsafe.com/

VeraCrypt... The fork of TrueCrypt, which in turn had a major security flaw that made its encrpytion easily breakable, which was the reason why the project was abandoned?

Let's state the obvious, gentlemen: All these things will at best protect you from nosy neighbors and script kiddies, but none of them will protect you from your own government. It also doesn't matter whether that information is stored locally or on some cloud storage: The moment you use your credentials, they are being sent over the Internet, and all that Internet traffic --is-- being intercepted at your ISP's core routers. This is not paranoia, since Edward Snowden all suspicions have been confirmed. For example, here in Germany, all  Internet traffic is being routed through DE-CIX in Frankfurt, and all traffic going through there is mirrored - not by German intelligence services, but by US intelligence services. And what the Americans don't intercept, GCHQ in Britain does.

Seriously, we need to be more afraid of our "friendly" government agencies than we should be afraid of Nigerian spammers or Russian or Chinese hackers. The Nigerians are at least only interested in our money, the others want to control our lives.

My personal recommendation: Pass + Passff.

Pass is a *nix command line-based password manager. It runs fully locally, so no cloud-based crap. There are some graphical front-ends for it which you could use if you prefer that.

Passff is a browser extension so you can easily access your passwords stored by Pass in the browser.

Installing it will require a bit of work, reference the Git pages or Arch Wiki if you run in to issues and for how-to's.

For historical reasons I'm still using the pwsafe.org client, originally designed by Bruce Schneier, which uses a local database only. It's hard to recommend given how basic and clunky it is (especially the linux version). Has some basic support for Yubikeys for 2FA, but that's about it for features. It doesn't interface with anything, and that's just fine for me.

In KeePassXC, you can just hit Ctrl-T to copy the TOTP code or Ctrl-Shift-T to see it. KeePassXC-Browser can autofill TOTP codes on associated sites if you want, too.

As others have mentioned Pass is the one you want: https://www.passwordstore.org/ all your passwords in seperate gpg encrypted files managed via git with a hook to prompt for the key when running things such as `git log -p`

It's awesome and there are Chrome extensions.

I used KeePass for the longest time, recently I installed a self hosted NextCloud instance (using docker, really easy to manage) and it comes with a KeePassWeb app that fully executes locally, it's pretty neat.

1Password does work on Linux, but it's only 1PasswordX, which is their evil subscription service with them storing my passwords.  I've been using KeePassXC. It works but is clunky. It will do.

If you want to use your existing keychain, you can use https://icculus.org/1pass/  (It's very limited though)

If you don't want cloud based; but still want portable and easy to use/integrate you might want to take a look as physical password managers. I have used the mooltipass mini (https://www.themooltipass.com/) for a few years, and it works great on linux and has full support for mac/windows/smartphones as well. It has browser plugins, and desktop daemon that can automate detecting password fields, but even without those it works flawlessly without anything installed since it emulates a keyboard.
It's secure, portable, and easy to use. Only con is you do you need to remember to keep it with you if you want to use it on your phone/laptop on the go. But for the added peace of mind knowing your passwords are not likely to show up in bulk in a leak; I think that's a worthwhile tradeoff.

@Cris I find the idea of using Veracrypt to store plain text files quite interesting – specially since you can fool 'enforcers' with two different VC passwords. I also remove drive letters on Windows and let VC mount them when a correct password is entered. I have yet to check if this is feasible on Ubuntu 😀

@plf - that is what he's using.

KeepassXC: https://keepassxc.org

I'm a big fan of Bitwarden. I do use their cloud-based version, but I've been considering hosting my own server and ditching the cloud-based version.

I use "pass" it puts all my passwords in ~/.password-Store encrypted by default. Then i sync them to my own cloud storage. been using it for years. there are rofi/dmenu plugins for it as well as firefox and crom*

Also, I forgot to mention it, but you can export 1Password to CSV and import it to KeePassXC!   https://support.1password.com/export/

I forgot to say. I'll probably be slowly transitioning to Bitwarden because it seems to be compatible for all my desired platforms.

Not to hijack this post, but I  just want to say congrats on making the jump to Linux. I'm a long time Mac & Windows user (from System 7.1 & Win3.1 onward) but this year I forced myself to transition off both to Linux to avoid using Windows10. I don't want to buy a modern Mac to run modern MacOS. Ubuntu/Debian based Linux distros have been really great for me.
I highly recommend you check out PopOS. I experimented with like 20 different distros before settling on PopOS. The auto-tiling shell is absolutely the best way to get lots of work done with multiple windows. Its so fast cand clean and still totally gnome3 based so you can do whatever you'd want.
For home server use I have several SBC and converted chromebooks running DietPi. I totally recommend you checking that out too. Its fantastic for low power/older machines.

Bitwarden is super easy to use. Is free, or paid. Can be self hosted if you like. Works on your desktop, browser and mobile. Can do autofill as.

Keypass XC is what i use. And the keyfile is synchronized using my own nextcloud.

Your posts lately have reminded me what made me switch back to Windows after 6 years of Linux exclusive life. Everything works, almost. And that ALMOST drove me nuts in the end.

I agree with some other users here. Enpass works very well. Synch to cloud storage is only an option.  You pay only for mobile version.

I've been using Firefox Lockwise, the password manager that comes built into Firefox these days (and also has an iOS app, I believe). As I understand it, it doesn't store anything on a server, it just syncs between the various machines you run Firefox on. It also has the ability to generate strong passwords for new or existing accounts.

Then I keep this folder synced using Syncthing, so no cloud, only my personal machines :)

I do gopass but it might not be right for you.

In KDE, I use https://github.com/akermu/krunner-pass with https://www.passwordstore.org/.

Then I just have to ress Super+Space (or Alt+F2) and I can quickly select my password.

Also check out this open source/hardware password manager, which just completed its kickstarter for the next new BT enabled version: https://www.kickstarter.com/projects/limpkin/mooltipass-mini-ble-security-on-the-go

why don't you use bitwarden, ron? you could host it on your personal server and use it everywhere!