# derivepassphrase-vault(1)
## NAME
derivepassphrase-vault – derive a passphrase using the vault(1)
derivation scheme
## SYNOPSIS
````
derivepassphrase vault [OPTIONS] [SERVICE]
````
## DESCRIPTION
Using a master passphrase or a master SSH key, derive a passphrase for
<i>SERVICE</i>, subject to length, character and character repetition
constraints. The derivation is cryptographically strong, meaning that even
if a single passphrase is compromised, guessing the master passphrase or
a different service's passphrase is computationally infeasible. The
derivation is also deterministic, given the same inputs, thus the resulting
passphrase need not be stored explicitly. The service name and constraints
themselves also need not be kept secret; the latter are usually stored in
a world-readable file.
If operating on global settings, or importing/exporting settings, then
<i>SERVICE</i> must be omitted. Otherwise it is required.
## OPTIONS
### Password generation
<b>-p</b>, <b>-</b><b>-phrase</b>
: prompts you for your passphrase
<b>-k</b>, <b>-</b><b>-key</b>
: uses your SSH private key to generate passwords
<b>-l</b>, <b>-</b><b>-length</b> <var>NUMBER</var>
: emits password of length <var>NUMBER</var>
<b>-r</b>, <b>-</b><b>-repeat</b> <var>NUMBER</var>
: allows maximum of <var>NUMBER</var> repeated adjacent chars
<b>-</b><b>-lower</b> <var>NUMBER</var>
: includes at least <var>NUMBER</var> lowercase letters
<b>-</b><b>-upper</b> <var>NUMBER</var>
: includes at least <var>NUMBER</var> uppercase letters
<b>-</b><b>-number</b> <var>NUMBER</var>