git.schokokeks.org
Repositories
Help
Report an Issue
derivepassphrase.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
ca1e07c
Branches
Tags
documentation-tree
master
unstable/modularize-and-refactor-test-machinery
unstable/ssh-agent-socket-providers
wishlist
0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.5.1
0.5.2
derivepassphrase.git
0.x
reference
derivepassphrase-vault.1
index.html
Deployed 05a21ba2ec99 to 0.x with MkDocs 1.6.1 and mike 2.1.3
Marco Ricci
commited
ca1e07c
at 2025-01-07 15:51:52
index.html
Blame
History
Raw
<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="An almost faithful Python reimplementation of James Coglan's vault."> <meta name="author" content="Marco Ricci"> <link rel="canonical" href="https://the13thletter.info/derivepassphrase/0.x/reference/derivepassphrase-vault.1/"> <link rel="prev" href="../derivepassphrase.1/"> <link rel="next" href="../derivepassphrase-export.1/"> <link rel="icon" href="../../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.42"> <title>derivepassphrase-vault(1) - derivepassphrase</title> <link rel="stylesheet" href="../../assets/stylesheets/main.0253249f.min.css"> <style>:root{--md-text-font:"Noto Sans";--md-code-font:"Noto Mono"}</style> <link rel="stylesheet" href="../../assets/_mkdocstrings.css"> <link rel="stylesheet" href="../../mkdocstrings_recommended_styles.css"> </head> <body dir="ltr"> <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> <label class="md-overlay" for="__drawer"></label> <div data-md-component="skip"> <a href="#derivepassphrase-vault1" class="md-skip"> Skip to content </a> </div> <div data-md-component="announce"> </div> <div data-md-color-scheme="default" data-md-component="outdated" hidden> </div> <div class="md-container" data-md-component="container"> <nav class="md-tabs" aria-label="Tabs" data-md-component="tabs"> <div class="md-grid"> <ul class="md-tabs__list"> <li class="md-tabs__item"> <a href="../.." class="md-tabs__link"> Overview </a> </li> <li class="md-tabs__item"> <a href="../../tutorials/" class="md-tabs__link"> Tutorials & Examples </a> </li> <li class="md-tabs__item"> <a href="../../how-tos/" class="md-tabs__link"> How-Tos </a> </li> <li class="md-tabs__item md-tabs__item--active"> <a href="../" class="md-tabs__link"> Reference </a> </li> <li class="md-tabs__item"> <a href="../../explanation/" class="md-tabs__link"> Design & Background </a> </li> <li class="md-tabs__item"> <a href="../../changelog/" class="md-tabs__link"> Changelog </a> </li> </ul> </div> </nav> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0"> <label class="md-nav__title" for="__drawer"> <a href="../.." title="derivepassphrase" class="md-nav__button md-logo" aria-label="derivepassphrase" data-md-component="logo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg> </a> derivepassphrase </label> <div class="md-nav__source"> <a href="https://github.com/the-13th-letter/derivepassphrase" title="Go to repository" class="md-source" data-md-component="source"> <div class="md-source__icon md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg> </div> <div class="md-source__repository"> the-13th-letter/derivepassphrase </div> </a> </div> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../.." class="md-nav__link"> <span class="md-ellipsis"> Overview </span> </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" > <div class="md-nav__link md-nav__container"> <a href="../../tutorials/" class="md-nav__link "> <span class="md-ellipsis"> Tutorials & Examples </span> </a> <label class="md-nav__link " for="__nav_2" id="__nav_2_label" tabindex="0"> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_2"> <span class="md-nav__icon md-icon"></span> Tutorials & Examples </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../tutorials/basic-setup-passphrase/" class="md-nav__link"> <span class="md-ellipsis"> Setting up derivepassphrase vault for three accounts, with a master passphrase </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" > <div class="md-nav__link md-nav__container"> <a href="../../how-tos/" class="md-nav__link "> <span class="md-ellipsis"> How-Tos </span> </a> <label class="md-nav__link " for="__nav_3" id="__nav_3_label" tabindex="0"> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_3"> <span class="md-nav__icon md-icon"></span> How-Tos </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../how-tos/ssh-key/" class="md-nav__link"> <span class="md-ellipsis"> How to set up derivepassphrase vault with an SSH key </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked> <div class="md-nav__link md-nav__container"> <a href="../" class="md-nav__link "> <span class="md-ellipsis"> Reference </span> </a> <label class="md-nav__link " for="__nav_4" id="__nav_4_label" tabindex=""> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true"> <label class="md-nav__title" for="__nav_4"> <span class="md-nav__icon md-icon"></span> Reference </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" checked> <label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex=""> <span class="md-ellipsis"> Man pages </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="true"> <label class="md-nav__title" for="__nav_4_2"> <span class="md-nav__icon md-icon"></span> Man pages </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../derivepassphrase.1/" class="md-nav__link"> <span class="md-ellipsis"> derivepassphrase(1) </span> </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" type="checkbox" id="__toc"> <label class="md-nav__link md-nav__link--active" for="__toc"> <span class="md-ellipsis"> derivepassphrase-vault(1) </span> <span class="md-nav__icon md-icon"></span> </label> <a href="./" class="md-nav__link md-nav__link--active"> <span class="md-ellipsis"> derivepassphrase-vault(1) </span> </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#name" class="md-nav__link"> <span class="md-ellipsis"> NAME </span> </a> </li> <li class="md-nav__item"> <a href="#synopsis" class="md-nav__link"> <span class="md-ellipsis"> SYNOPSIS </span> </a> </li> <li class="md-nav__item"> <a href="#description" class="md-nav__link"> <span class="md-ellipsis"> DESCRIPTION </span> </a> </li> <li class="md-nav__item"> <a href="#options" class="md-nav__link"> <span class="md-ellipsis"> OPTIONS </span> </a> <nav class="md-nav" aria-label="OPTIONS"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#passphrase-generation" class="md-nav__link"> <span class="md-ellipsis"> Passphrase generation </span> </a> </li> <li class="md-nav__item"> <a href="#configuration" class="md-nav__link"> <span class="md-ellipsis"> Configuration </span> </a> </li> <li class="md-nav__item"> <a href="#storage-management" class="md-nav__link"> <span class="md-ellipsis"> Storage management </span> </a> </li> <li class="md-nav__item"> <a href="#compatibility-and-extension-options" class="md-nav__link"> <span class="md-ellipsis"> Compatibility and extension options </span> </a> </li> <li class="md-nav__item"> <a href="#other-options" class="md-nav__link"> <span class="md-ellipsis"> Other Options </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#shell-script-export-format" class="md-nav__link"> <span class="md-ellipsis"> SHELL SCRIPT EXPORT FORMAT </span> </a> </li> <li class="md-nav__item"> <a href="#ssh-key-suitability" class="md-nav__link"> <span class="md-ellipsis"> SSH KEY SUITABILITY </span> </a> </li> <li class="md-nav__item"> <a href="#environment" class="md-nav__link"> <span class="md-ellipsis"> ENVIRONMENT </span> </a> </li> <li class="md-nav__item"> <a href="#files" class="md-nav__link"> <span class="md-ellipsis"> FILES </span> </a> </li> <li class="md-nav__item"> <a href="#security" class="md-nav__link"> <span class="md-ellipsis"> SECURITY </span> </a> </li> <li class="md-nav__item"> <a href="#examples" class="md-nav__link"> <span class="md-ellipsis"> EXAMPLES </span> </a> </li> <li class="md-nav__item"> <a href="#diagnostics" class="md-nav__link"> <span class="md-ellipsis"> DIAGNOSTICS </span> </a> <nav class="md-nav" aria-label="DIAGNOSTICS"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#fatal-error-messsages-on-standard-error" class="md-nav__link"> <span class="md-ellipsis"> Fatal error messsages on standard error </span> </a> </li> <li class="md-nav__item"> <a href="#non-fatal-warning-and-info-messages-on-standard-error" class="md-nav__link"> <span class="md-ellipsis"> Non-fatal warning and info messages on standard error </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#compatibility" class="md-nav__link"> <span class="md-ellipsis"> COMPATIBILITY </span> </a> <nav class="md-nav" aria-label="COMPATIBILITY"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#with-other-software" class="md-nav__link"> <span class="md-ellipsis"> With other software </span> </a> </li> <li class="md-nav__item"> <a href="#forward-and-backward-compatibility" class="md-nav__link"> <span class="md-ellipsis"> Forward and backward compatibility </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#see-also" class="md-nav__link"> <span class="md-ellipsis"> SEE ALSO </span> </a> </li> <li class="md-nav__item"> <a href="#author" class="md-nav__link"> <span class="md-ellipsis"> AUTHOR </span> </a> </li> <li class="md-nav__item"> <a href="#bugs" class="md-nav__link"> <span class="md-ellipsis"> BUGS </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../derivepassphrase-export.1/" class="md-nav__link"> <span class="md-ellipsis"> derivepassphrase-export(1) </span> </a> </li> <li class="md-nav__item"> <a href="../derivepassphrase-export-vault.1/" class="md-nav__link"> <span class="md-ellipsis"> derivepassphrase-export-vault(1) </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_3" > <label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex=""> <span class="md-ellipsis"> API docs: Module derivepassphrase </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_4_3"> <span class="md-nav__icon md-icon"></span> API docs: Module derivepassphrase </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../derivepassphrase.cli/" class="md-nav__link"> <span class="md-ellipsis"> Submodule cli </span> </a> </li> <li class="md-nav__item"> <a href="../derivepassphrase.exporter/" class="md-nav__link"> <span class="md-ellipsis"> Subpackage exporter </span> </a> </li> <li class="md-nav__item"> <a href="../derivepassphrase.sequin/" class="md-nav__link"> <span class="md-ellipsis"> Submodule sequin </span> </a> </li> <li class="md-nav__item"> <a href="../derivepassphrase.ssh_agent/" class="md-nav__link"> <span class="md-ellipsis"> Submodule ssh_agent </span> </a> </li> <li class="md-nav__item"> <a href="../derivepassphrase._types/" class="md-nav__link"> <span class="md-ellipsis"> Submodule _types </span> </a> </li> <li class="md-nav__item"> <a href="../derivepassphrase.vault/" class="md-nav__link"> <span class="md-ellipsis"> Submodule vault </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--section md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_4" > <label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex=""> <span class="md-ellipsis"> Technical prerequisites </span> <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_4_4"> <span class="md-nav__icon md-icon"></span> Technical prerequisites </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../prerequisites-ssh-key/" class="md-nav__link"> <span class="md-ellipsis"> Using derivepassphrase vault with an SSH key </span> </a> </li> </ul> </nav> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" > <div class="md-nav__link md-nav__container"> <a href="../../explanation/" class="md-nav__link "> <span class="md-ellipsis"> Design & Background </span> </a> <label class="md-nav__link " for="__nav_5" id="__nav_5_label" tabindex="0"> <span class="md-nav__icon md-icon"></span> </label> </div> <nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false"> <label class="md-nav__title" for="__nav_5"> <span class="md-nav__icon md-icon"></span> Design & Background </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../../explanation/faq-altered-versions/" class="md-nav__link"> <span class="md-ellipsis"> "altered versions" license requirement </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../../changelog/" class="md-nav__link"> <span class="md-ellipsis"> Changelog </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#name" class="md-nav__link"> <span class="md-ellipsis"> NAME </span> </a> </li> <li class="md-nav__item"> <a href="#synopsis" class="md-nav__link"> <span class="md-ellipsis"> SYNOPSIS </span> </a> </li> <li class="md-nav__item"> <a href="#description" class="md-nav__link"> <span class="md-ellipsis"> DESCRIPTION </span> </a> </li> <li class="md-nav__item"> <a href="#options" class="md-nav__link"> <span class="md-ellipsis"> OPTIONS </span> </a> <nav class="md-nav" aria-label="OPTIONS"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#passphrase-generation" class="md-nav__link"> <span class="md-ellipsis"> Passphrase generation </span> </a> </li> <li class="md-nav__item"> <a href="#configuration" class="md-nav__link"> <span class="md-ellipsis"> Configuration </span> </a> </li> <li class="md-nav__item"> <a href="#storage-management" class="md-nav__link"> <span class="md-ellipsis"> Storage management </span> </a> </li> <li class="md-nav__item"> <a href="#compatibility-and-extension-options" class="md-nav__link"> <span class="md-ellipsis"> Compatibility and extension options </span> </a> </li> <li class="md-nav__item"> <a href="#other-options" class="md-nav__link"> <span class="md-ellipsis"> Other Options </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#shell-script-export-format" class="md-nav__link"> <span class="md-ellipsis"> SHELL SCRIPT EXPORT FORMAT </span> </a> </li> <li class="md-nav__item"> <a href="#ssh-key-suitability" class="md-nav__link"> <span class="md-ellipsis"> SSH KEY SUITABILITY </span> </a> </li> <li class="md-nav__item"> <a href="#environment" class="md-nav__link"> <span class="md-ellipsis"> ENVIRONMENT </span> </a> </li> <li class="md-nav__item"> <a href="#files" class="md-nav__link"> <span class="md-ellipsis"> FILES </span> </a> </li> <li class="md-nav__item"> <a href="#security" class="md-nav__link"> <span class="md-ellipsis"> SECURITY </span> </a> </li> <li class="md-nav__item"> <a href="#examples" class="md-nav__link"> <span class="md-ellipsis"> EXAMPLES </span> </a> </li> <li class="md-nav__item"> <a href="#diagnostics" class="md-nav__link"> <span class="md-ellipsis"> DIAGNOSTICS </span> </a> <nav class="md-nav" aria-label="DIAGNOSTICS"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#fatal-error-messsages-on-standard-error" class="md-nav__link"> <span class="md-ellipsis"> Fatal error messsages on standard error </span> </a> </li> <li class="md-nav__item"> <a href="#non-fatal-warning-and-info-messages-on-standard-error" class="md-nav__link"> <span class="md-ellipsis"> Non-fatal warning and info messages on standard error </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#compatibility" class="md-nav__link"> <span class="md-ellipsis"> COMPATIBILITY </span> </a> <nav class="md-nav" aria-label="COMPATIBILITY"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#with-other-software" class="md-nav__link"> <span class="md-ellipsis"> With other software </span> </a> </li> <li class="md-nav__item"> <a href="#forward-and-backward-compatibility" class="md-nav__link"> <span class="md-ellipsis"> Forward and backward compatibility </span> </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#see-also" class="md-nav__link"> <span class="md-ellipsis"> SEE ALSO </span> </a> </li> <li class="md-nav__item"> <a href="#author" class="md-nav__link"> <span class="md-ellipsis"> AUTHOR </span> </a> </li> <li class="md-nav__item"> <a href="#bugs" class="md-nav__link"> <span class="md-ellipsis"> BUGS </span> </a> </li> </ul> </nav> </div> </div> </div> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset"> <a href="https://github.com/the-13th-letter/derivepassphrase/raw/master/docs/reference/derivepassphrase-vault.1.md" title="View source of this page" class="md-content__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg> </a> <h1 id="derivepassphrase-vault1">derivepassphrase-vault(1)<a class="headerlink" href="#derivepassphrase-vault1" title="Permanent link">¶</a></h1> <h2 id="name">NAME<a class="headerlink" href="#name" title="Permanent link">¶</a></h2> <p>derivepassphrase-vault – derive a passphrase using the vault derivation scheme</p> <h2 id="synopsis">SYNOPSIS<a class="headerlink" href="#synopsis" title="Permanent link">¶</a></h2> <pre> <code><b>derivepassphrase vault</b> [--phrase | --key] [--length <var>n</var>] [--repeat <var>n</var>] [--lower <var>n</var>] [--upper <var>n</var>] [--number <var>n</var>] [--space <var>n</var>] [--dash <var>n</var>] [--symbol <var>n</var>] <var>SERVICE</var></code> <code><b>derivepassphrase vault</b> {--phrase | --key | … | --symbol <var>n</var>} … --config [--unset <var>setting</var> …] [--overwrite-existing | --merge-existing] [<var>SERVICE</var>]</code> <code><b>derivepassphrase vault</b> {--notes <var>SERVICE</var> | --delete <var>SERVICE</var> | --delete-globals | --clear}</code> <code><b>derivepassphrase vault</b> [--export-as {json | sh}] {--import <var>PATH</var> | --export <var>PATH</var>}</code> </pre> <h2 id="description">DESCRIPTION<a class="headerlink" href="#description" title="Permanent link">¶</a></h2> <p>Using a master passphrase, derive a passphrase for <var>SERVICE</var>, subject to length, character and character repetition constraints, in a manner compatible with James Coglan’s <i>vault</i>(1).</p> <p>The derivation is <em>strong</em>: derived passphrases have as much entropy as permitted by the master passphrase and the passphrase constraints (whichever is more restrictive), and even if multiple derived passphrases are compromised, the master passphrase remains cryptographically difficult to discern from these compromised passphrases. The derivation is also <em>deterministic</em>, given the same inputs, thus the resulting passphrase need not be stored explicitly.</p> <p>The service name and constraints themselves also need not be kept secret; the latter are usually stored in a world-readable file to ease repeated entry of passphrase constraints.</p> <p>In lieu of a master passphrase, a master SSH key can also be used if there is a reachable, running SSH agent currently holding this key and if the key type is supported. (See <a href="#ssh-key-suitability">“SSH KEY SUITABILITY”</a> and <a href="#bugs">“BUGS”</a> below.) This too is compatible with <i>vault</i>(1).</p> <h2 id="options">OPTIONS<a class="headerlink" href="#options" title="Permanent link">¶</a></h2> <h3 id="passphrase-generation">Passphrase generation<a class="headerlink" href="#passphrase-generation" title="Permanent link">¶</a></h3> <p>The passphrase generation options can be divided into “passphrase source” options (<code>--phrase</code>, <code>--key</code>) and “passphrase constraint” options (all others). The passphrase source options are mutually exclusive — you may only specify one of them — while the passphrase constraint options may be combined in any way. The <var>SERVICE</var> is mandatory (see synopsis #1), unless the <code>--config</code> option is specified (see synopsis #2). All character constraints refer to ASCII printable characters only (space (<code>U+0020</code>) to tilde (<code>U+007E</code>), excluding the grave accent (<code>U+0060</code>)).</p> <dl> <dt><b>-p</b>, <b>-</b><b>-phrase</b></dt> <dd> <p>Prompt for a passphrase.</p> <p>See also <a href="#configuration">“Configuration”</a> for how this interacts with a stored passphrase or SSH key.</p> </dd> <dt><b>-k</b>, <b>-</b><b>-key</b></dt> <dd> <p>Select an SSH key.</p> <p>An SSH agent such as OpenSSH’s <i>ssh-agent</i>(1) or PuTTY’s <i>pageant</i>(1) must be running and accessible, and have the desired key loaded. The SSH key must also be <i>suitable</i> for this purpose; see <a href="#ssh-key-suitability">“SSH KEY SUITABILITY”</a> for details.</p> <p>See also <a href="#configuration">“Configuration”</a> for how this interacts with a stored passphrase or SSH key.</p> </dd> <dt><b>-l</b> <var>n</var>, <b>-</b><b>-length</b> <var>n</var></dt> <dd>Force the passphrase to have the length <var>n</var>. Defaults to the length <b>20</b> if not specified, or if explicitly specified as <code>0</code>.</dd> <dt><b>-r</b> <var>n</var>, <b>-</b><b>-repeat</b> <var>n</var></dt> <dd>Permit only runs of up to <var>n</var> consecutive occurrences of the same character. Alternatively, forbid immediate additional repetitions of length <var>n</var> (or more) for any character in the derived passphrase. Setting <var>n</var> = <code>0</code> disables repetition constraints, which is the default.</dd> <dt><b>-</b><b>-lower</b> <var>n</var></dt> <dd>Include at least <var>n</var> lowercase characters in the derived passphrase. Setting <var>n</var> = <code>0</code> forbids these characters entirely. The default is to not constrain the occurrences in any manner.</dd> <dt><b>-</b><b>-upper</b> <var>n</var></dt> <dd>Include at least <var>n</var> uppercase characters in the derived passphrase. Setting <var>n</var> = <code>0</code> forbids these characters entirely. The default is to not constrain the occurrences in any manner.</dd> <dt><b>-</b><b>-number</b> <var>n</var></dt> <dd>Include at least <var>n</var> digits in the derived passphrase. Setting <var>n</var> = <code>0</code> forbids these characters entirely. The default is to not constrain the occurrences in any manner.</dd> <dt><b>-</b><b>-space</b> <var>n</var></dt> <dd>Include at least <var>n</var> spaces in the derived passphrase. Setting <var>n</var> = <code>0</code> forbids these characters entirely. The default is to not constrain the occurrences in any manner.</dd> <dt><b>-</b><b>-dash</b> <var>n</var></dt> <dd>Include at least <var>n</var> “dashes” (<code>-</code> or <code>_</code>) in the derived passphrase. Setting <var>n</var> = <code>0</code> forbids these characters entirely. The default is to not constrain the occurrences in any manner.</dd> <dt><b>-</b><b>-symbol</b> <var>n</var></dt> <dd>Include at least <var>n</var> symbols (any of <code>!"#$%&'()*+,./:;<=>?@[\]^{|}~-_</code>) in the derived passphrase. Setting <var>n</var> = <code>0</code> forbids these characters entirely, effectively also implying <code>--dash 0</code>. The default is to not constrain the occurrences in any manner.</dd> </dl> <h3 id="configuration">Configuration<a class="headerlink" href="#configuration" title="Permanent link">¶</a></h3> <p>The configuration options directly modify the stored settings: default settings, known services, and service-specific settings. They are mutually exclusive; you may only specify one of them. The <var>SERVICE</var> is mandatory for <code>--notes</code> and <code>--delete</code>, optional for <code>--config</code>, and forbidden for <code>--delete-globals</code> and <code>--clear</code> (see synopsis #2 and synopsis #3).</p> <dl> <dt><b>-n</b>, <b>-</b><b>-notes</b></dt> <dd>Spawn an editor to edit notes for <var>SERVICE</var>. Use the <code>VISUAL</code> or <code>EDITOR</code> environment variables to configure the spawned editor.</dd> <dt><b>-c</b>, <b>-</b><b>-config</b></dt> <dd> <p>Save the given settings for <var>SERVICE</var> (if given), or save the given settings as global default settings.</p> <p>See the <a href="#passphrase-generation">“Passphrase generation”</a> and <a href="#compatibility-and-extension-options">“Compatibility and extension options”</a> sections for other options compatible with <code>--config</code>.</p> <div class="admonition danger"> <p class="admonition-title">Danger</p> <p>Do <strong>not</strong> use the <code>--phrase</code> and <code>--config</code> options together. The configuration is assumed to <em>not contain sensitive contents</em>, and is <em>not encrypted</em>.</p> </div> </dd> <dt><b>-x</b>, <b>-</b><b>-delete</b></dt> <dd>Delete all stored settings for <var>SERVICE</var>.</dd> <dt><b>-</b><b>-delete-globals</b></dt> <dd>Delete all stored global default settings.</dd> <dt><b>-X</b>, <b>-</b><b>-clear</b></dt> <dd>Delete all stored settings.</dd> </dl> <h3 id="storage-management">Storage management<a class="headerlink" href="#storage-management" title="Permanent link">¶</a></h3> <p>The storage management options deal with importing and exporting the stored settings. They are mutually exclusive; you may only specify one of them. Using <code>-</code> as <var>PATH</var> for standard input/standard output is supported.</p> <dl> <dt><b>-e</b> <var>PATH</var>, <b>-</b><b>-export</b> <var>PATH</var></dt> <dd>Export all saved settings into file <var>PATH</var>.</dd> <dt><b>-i</b> <var>PATH</var>, <b>-</b><b>-import</b> <var>PATH</var></dt> <dd>Import saved settings from file <var>PATH</var>.</dd> </dl> <h3 id="compatibility-and-extension-options">Compatibility and extension options<a class="headerlink" href="#compatibility-and-extension-options" title="Permanent link">¶</a></h3> <p>By default, <b>derivepassphrase vault</b> behaves in a manner compatible with <i>vault</i>(1). The compatibility and extension options modify the behavior to enable additional functionality, or specifically to force compatibility.</p> <p><i>vault</i>(1) supports none of these options, and behaves as if the option had not been given or had been left in its default state.</p> <dl> <dt><b>-</b><b>-overwrite-existing</b> / <b>-</b><b>-merge-existing</b></dt> <dd> <p>When importing a configuration via <code>--import</code>, or configuring the settings via <code>--config</code>, overwrite or merge (<em>default</em>) the existing configuration.</p> <p>If overwriting the configuration, then the whole configuration (for <code>--import</code>) or the respective section (service-specific or global, for <code>--config</code>), will be written from scratch. If merging, then each section (service-specific or global, for <code>--import</code>) or each singular setting (for <code>--config</code>) will be overwritten, but other unaffected settings/sections will not.</p> <p>(<i>vault</i>(1) behaves as if <code>--merge-existing</code> were always given.)</p> </dd> <dt><b>-</b><b>-unset</b> <var>setting</var></dt> <dd> <p>When configuring via <code>--config</code>, also unset the specified <var>setting</var>, where <var>setting</var> is one of the passphrase generation settings (<code>phrase</code>, <code>key</code>, <code>lower</code>, …). May be specified multiple times. Must not overlap with any of the settings being set afterwards.</p> <p>(vault(1) does not support this option.)</p> </dd> <dt><b>-</b><b>-export-as</b> { <b>json</b> | <b>sh</b> }</dt> <dd> <p>When exporting the configuration via <code>--export</code>, export as JSON (default) or as a shell script in <i>sh</i>(1) format.</p> <p>The JSON format is compatible with <i>vault</i>(1). For the shell script format, see the <a href="#shell-script-export-format">“SHELL SCRIPT EXPORT FORMAT”</a> section for details.</p> <p>(vault(1) behaves as if <code>--export-as json</code> were always given.)</p> </dd> </dl> <h3 id="other-options">Other Options<a class="headerlink" href="#other-options" title="Permanent link">¶</a></h3> <dl> <dt><b>-</b><b>-version</b></dt> <dd>Show the version and exit.</dd> <dt><b>-h</b>, <b>-</b><b>-help</b></dt> <dd>Show a help message and exit.</dd> </dl> <h2 id="shell-script-export-format">SHELL SCRIPT EXPORT FORMAT<a class="headerlink" href="#shell-script-export-format" title="Permanent link">¶</a></h2> <p>If the shell script export format is selected, the configuration will be exported as a POSIX <i>sh</i>(1) script, containing calls to <b>derivepassphrase vault</b> to reconstruct the current configuration from scratch. The script assumes a conforming <i>sh</i>(1), with support for “here” documents.</p> <div class="admonition danger"> <p class="admonition-title">Danger</p> <p><strong>Do not run these emitted shell scripts directly without double-checking their output first!</strong></p> </div> <h2 id="ssh-key-suitability">SSH KEY SUITABILITY<a class="headerlink" href="#ssh-key-suitability" title="Permanent link">¶</a></h2> <p>An SSH key is <dfn>suitable</dfn> for use with <b>derivepassphrase vault</b> if the SSH agent guarantees that signatures produced with this key will be <em>deterministic</em>, given the same message to be signed. This is a property specific to the key type, and sometimes the agent used:</p> <ul> <li> <p>RSA, Ed25519 and Ed448 keys are always suitable. OpenSSH’s <i>ssh-agent</i>(1) supports only these keys as suitable keys.</p> </li> <li> <p>DSA and ECDSA keys are suitable if the SSH agent supports deterministic DSA signatures, e.g. by implementing RFC 6979. PuTTY’s <i>pageant</i>(1) supports this, in addition to the always-suitable keys mentioned above.</p> </li> </ul> <h2 id="environment">ENVIRONMENT<a class="headerlink" href="#environment" title="Permanent link">¶</a></h2> <dl> <dt><code>VISUAL</code>, <code>EDITOR</code></dt> <dd><b>derivepassphrase vault</b> uses this editor to edit service notes when called with <code>--notes</code>. <code>VISUAL</code> has higher precedence than <code>EDITOR</code>.</dd> <dt><code>DERIVEPASSPHRASE_PATH</code></dt> <dd><b>derivepassphrase</b> stores its configuration files and data in this directory. Defaults to <code>~/.derivepassphrase</code>.</dd> </dl> <h2 id="files">FILES<a class="headerlink" href="#files" title="Permanent link">¶</a></h2> <dl> <dt><code>$DERIVEPASSPHRASE_PATH/vault.json</code></dt> <dd>The stored configuration for <b>derivepassphrase vault</b>: the default passphrase generation settings, the known service names, and the service-specific settings. This file is <em>not</em> intended for the user to edit.</dd> </dl> <h2 id="security">SECURITY<a class="headerlink" href="#security" title="Permanent link">¶</a></h2> <div class="admonition danger"> <p class="admonition-title">Danger</p> <ul> <li> <p>There is <strong>no way</strong> to retrieve the generated passphrases if the master passphrase, the SSH key, or the exact passphrase settings are lost, short of trying out all possible combinations. You are <strong>strongly</strong> advised to keep independent backups of the settings and the SSH key, if any.</p> </li> <li> <p>The configuration is <strong>not</strong> encrypted, and you are <strong>strongly</strong> discouraged from using a stored passphrase.</p> </li> <li> <p>You are <strong>strongly</strong> advised to avoid the (shell script) configuration export format if possible, and use the JSON format instead. If you <em>must</em> use the shell script format, then <strong>always</strong> validate the export before attempting to interpret or run it.</p> </li> </ul> </div> <h2 id="examples">EXAMPLES<a class="headerlink" href="#examples" title="Permanent link">¶</a></h2> <details class="example"> <summary><code>derivepassphrase vault --phrase email</code></summary> <p>Prompt for a master passphrase, then generate a standard passphrase (length 20, no character or repetition constraints) for the “email” service.</p> </details> <details class="example"> <summary><code>derivepassphrase vault --key --upper 9 --lower 9 example.com</code></summary> <p>Select an SSH key from the available suitable SSH keys in the running SSH agent, then generate a passphrase for the <code>example.com</code> service using the previously selected SSH key. The passphrase will have (standard) length 20, and at least nine characters will be uppercase characters and at least another nine characters will be lowercase characters.</p> </details> <details class="example"> <summary><code>derivepassphrase example.com vault --key --upper 9 --lower 9 --number 9</code></summary> <p>Attempt to generate a passphrase as in the previous example. This example will <em>error out</em>, because the passphrase constraints require at least 27 characters and the standard passphrase length 20 cannot accomodate this.</p> </details> <details class="example"> <summary><code>derivepassphrase --config vault --key --upper 9 --lower 9 --space 2</code></summary> <p>After selecting an SSH key, configure the default settings to use exactly nine uppercase characters, nine lowercase characters, and two spaces for each generated passphrase. (The specific service settings, or the command-line invocation, can still override these settings.)</p> </details> <details class="example"> <summary><code>derivepassphrase vault example.com</code></summary> <p>Because of the previous setting, the generated passphrase for the <code>example.com</code> service will behave as if <code>--key --upper 9 --lower 9 --space 2</code> had been specified during invocation (with the SSH key already having been selected). In particular, it is neither necessary to specify <code>--phrase</code> or <code>--key</code> nor is it necessary to actually select an SSH key or to type in a master passphrase.</p> </details> <h2 id="diagnostics">DIAGNOSTICS<a class="headerlink" href="#diagnostics" title="Permanent link">¶</a></h2> <p>The <b>derivepassphrase vault</b> utility exits 0 on success, and >0 if an error occurs.</p> <h3 id="fatal-error-messsages-on-standard-error">Fatal error messsages on standard error<a class="headerlink" href="#fatal-error-messsages-on-standard-error" title="Permanent link">¶</a></h3> <p>(<code>%s</code> indicates a variable part of the message.)</p> <details class="failure"> <summary><code>%s is mutually exclusive with %s.</code></summary> <p>The two indicated options must not be used at the same time.</p> </details> <details class="failure"> <summary><code>%s requires a SERVICE or --config.</code></summary> <p>Using the indicated passphrase generation option requires the <var>SERVICE</var> argument or the <code>--config</code> option.</p> </details> <details class="failure"> <summary><code>%s requires a SERVICE.</code></summary> <p>Using the indicated option requires the <var>SERVICE</var> argument.</p> </details> <details class="failure"> <summary><code>%s does not take a SERVICE argument.</code></summary> <p>The indicated option must not be specified together with the <var>SERVICE</var> argument.</p> </details> <details class="failure"> <summary><code>Cannot load vault settings: %s.</code></summary> <p>There was a fatal problem loading the stored vault configuration data. Further details are contained in the variable part of the message.</p> </details> <details class="failure"> <summary><code>Cannot store vault settings: %s.</code></summary> <p>There was a fatal problem saving the vault configuration data. Further details are contained in the variable part of the message.</p> </details> <details class="failure"> <summary><code>Cannot import vault settings: %s.</code></summary> <p>There was a fatal problem loading the imported vault configuration data. Further details are contained in the variable part of the message.</p> </details> <details class="failure"> <summary><code>Cannot export vault settings: %s.</code></summary> <p>There was a fatal problem saving the exported vault configuration data. Further details are contained in the variable part of the message.</p> </details> <details class="failure"> <summary><code>Cannot load user config: %s.</code></summary> <p>There was a fatal problem loading the central user configuration file. Further details are contained in the variable part of the message.</p> </details> <details class="failure"> <summary><code>The user configuration file is invalid.</code></summary> <p>(Exactly what it says.)</p> </details> <details class="failure"> <summary><code>No usable SSH keys were found</code></summary> <p>The running SSH agent does not contain any suitable SSH keys.</p> </details> <details class="failure"> <summary><code>No valid SSH key selected</code></summary> <p>We requested that an SSH key be selected, but we got an invalid selection.</p> </details> <details class="failure"> <summary><code>The requested SSH key is not loaded into the agent.</code></summary> <p>The running SSH agent does not contain the necessary SSH key.</p> </details> <details class="failure"> <summary><code>Cannot find any running SSH agent because SSH_AUTH_SOCK is not set.</code></summary> <p>We require a running SSH agent, but cannot locate its communication channel, which is normally indicated by the <code>SSH_AUTH_SOCK</code> environment variable.</p> </details> <details class="failure"> <summary><code>Cannot connect to an SSH agent because this Python version does not support UNIX domain sockets.</code></summary> <p>This Python installation does not support the communication mechanism necessary to talk to SSH agents.</p> </details> <details class="failure"> <summary><code>Cannot connect to the SSH agent: %s.</code></summary> <p>We cannot connect to the SSH agent indicated by the <code>SSH_AUTH_SOCK</code> environment variable. Further details are contained in the variable part of the message.</p> </details> <details class="failure"> <summary><code>The SSH agent failed to or refused to supply a list of loaded keys.</code></summary> <p>The SSH agent—while responsive in principle—did not fulfill the request.</p> </details> <details class="failure"> <summary><code>The SSH agent failed to or refused to issue a signature with the selected key, necessary for deriving a service passphrase.</code></summary> <p>The SSH agent—while responsive in principle—failed to cooperate with deriving a service passphrase from the selected master SSH key.</p> </details> <details class="failure"> <summary><code>The SSH agent contains no keys suitable for derivepassphrase.</code></summary> <p>None of the keys loaded into the SSH agent (if any) are suitable for use with <b>derivepassphrase vault</b>. See the <a href="#ssh-key-suitability">“SSH KEY SUITABILITY”</a> section for the requirements the SSH key and the SSH agent must fulfill to be suitable.</p> </details> <details class="failure"> <summary><code>Error communicating with the SSH agent</code></summary> <p>There was a system error communicating with the SSH agent.</p> </details> <details class="failure"> <summary><code>Cannot understand the SSH agent's response because it violates the communication protocol.</code></summary> <p>(Exactly what it says.)</p> </details> <details class="failure"> <summary><code>Not saving any new notes: the user aborted the request.</code></summary> <p>(Exactly what it says.)</p> </details> <details class="failure"> <summary><code>Cannot update %s settings without actual settings.</code></summary> <p>Using <code>--config</code> requires at least one of the <code>--phrase</code>, <code>--key</code>, <code>--length</code>, etc. options.</p> </details> <details class="failure"> <summary><code>Attempted to unset and set %s at the same time.</code></summary> <p>While handling <code>--config</code>, the same configuration setting was passed as an option and as an argument to <code>--unset</code>.</p> </details> <details class="failure"> <summary><code>Generating a passphrase requires a SERVICE.</code></summary> <p>(Exactly what it says.)</p> </details> <details class="failure"> <summary><code>No passphrase or key was given in the configuration.</code></summary> <p><b>derivepassphrase vault</b> does not know whether to use a master SSH key or a master passphrase.</p> </details> <details class="failure"> <summary><code>No passphrase was given: the user aborted the request.</code></summary> <p>(Exactly what it says.)</p> </details> <details class="failure"> <summary><code>No SSH key was selected: the user aborted the request.</code></summary> <p>(Exactly what it says.)</p> </details> <h3 id="non-fatal-warning-and-info-messages-on-standard-error">Non-fatal warning and info messages on standard error<a class="headerlink" href="#non-fatal-warning-and-info-messages-on-standard-error" title="Permanent link">¶</a></h3> <p>(<code>%s</code> indicates a variable part of the message.)</p> <details class="warning"> <summary><code>The %s passphrase is not %s-normalized.</code></summary> <p>The indicated passphrase—as a Unicode string—is not properly normalized according to the preferred Unicode normalization form (as specified in the central configuration file). It is therefore possible that the passphrase—as a byte string—is not the same byte string as you expect it to be (even though it <em>looks</em> correct), and that the derived passphrases thus do not match their expected values either. Please double-check.</p> </details> <details class="warning"> <summary><code>An empty SERVICE is not supported by vault(1).</code></summary> <p><i>vault</i>(1) does not support the empty string as a value for <var>SERVICE</var>; it will treat the <var>SERVICE</var> as missing. For compatibility, <b>derivepassphrase vault</b> will do the same. In particular, if the empty service is imported in a configuration via <code>--import</code>, then this service cannot be accessed via the <b>derivepassphrase vault</b> command-line.</p> </details> <details class="warning"> <summary><code>Replacing invalid value %s for key %s with %s.</code></summary> <p>When importing a configuration, the indicated invalid value has been replaced with the indicated replacement value. (The “interpretation” of the configuration doesn’t change).</p> </details> <details class="warning"> <summary><code>Removing ineffective setting %s = %s.</code></summary> <p>When importing a configuration, the indicated ineffective setting has been removed. (The “interpretation” of the configuration doesn’t change).</p> </details> <details class="warning"> <summary><code>The service name %s contains an ASCII control character, which is not supported by our shell completion code.</code></summary> <p>Because of limitations in the shell completion code, this specific service name will not be available as a suggestion in tab completion. (This <em>only</em> affects tab completion, not other functionality.)</p> </details> <details class="warning"> <summary><code>Setting a %s passphrase is ineffective because a key is also set.</code></summary> <p>The configuration (global or key-specific) contains both a stored master passphrase and an SSH key. The master passphrase will not take effect.</p> </details> <details class="warning"> <summary><code>A subcommand will be required in v1.0.</code></summary> <p>[Since v0.2.0, until v1.0.] This command now requires a subcommand. For compatibility, it currently defaults to “vault”.</p> </details> <details class="warning"> <summary><code>Using deprecated v0.1-style config file %s, instead of v0.2-style %s.</code></summary> <p>[Since v0.2.0, until v1.0.] A configuration file has been renamed. <b>derivepassphrase vault</b> will attempt to rename the file itself (<code>Successfully migrated to %s.</code>), or complain if it cannot rename it (<code>Failed to migrate to %s: %s</code>).</p> </details> <h2 id="compatibility">COMPATIBILITY<a class="headerlink" href="#compatibility" title="Permanent link">¶</a></h2> <h3 id="with-other-software">With other software<a class="headerlink" href="#with-other-software" title="Permanent link">¶</a></h3> <p><b>derivepassphrase vault</b> is <em>almost</em> drop-in compatible with James Coglan’s <i>vault</i>(1), version 0.3.0 (including “storeroom” support), meaning that each tool supports the same file formats and command-line arguments/options as the other one.</p> <p>Exceptions:</p> <ul> <li> <p><i>vault</i>(1) does not support the <a href="#compatibility-and-extension-options">“Compatibility and extension options”</a> listed above.</p> </li> <li> <p><b>derivepassphrase vault</b> can import and generate configuration exports in the same format as <i>vault</i>(1), but it cannot <em>natively</em> read or write <i>vault</i>(1)’s configuration file (non-storeroom) or configuration directory (storeroom). (The sister command <i>derivepassphrase-export</i>(1) can read both these formats and export the contents.)</p> </li> </ul> <h3 id="forward-and-backward-compatibility">Forward and backward compatibility<a class="headerlink" href="#forward-and-backward-compatibility" title="Permanent link">¶</a></h3> <ul> <li>[Since v0.2.0.] In v1.0, the commands <b>derivepassphrase</b> and <b>derivepassphrase export</b> will require an explicit subcommand name. Both default to the subcommand <b>vault</b>.</li> <li>[Since v0.2.0.] In v1.0, the configuration data file for the <b>vault</b> subcommand will be named <code>vault.json</code>, instead of <code>config.json</code>.</li> <li>[Since v0.2.0, to be removed in v1.0.] An existing configuration data file <code>config.json</code> will be attempted to be renamed to <code>vault.json</code>.</li> </ul> <h2 id="see-also">SEE ALSO<a class="headerlink" href="#see-also" title="Permanent link">¶</a></h2> <p><a href="../derivepassphrase.1/"><i>derivepassphrase</i>(1)</a>, <a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/"><i>pageant</i>(1)</a>, <a href="https://www.openssh.com/"><i>ssh-agent</i>(1)</a>, <a href="https://www.npmjs.com/package/vault" title="James Coglan's 'vault'"><i>vault</i>(1)</a>.</p> <h2 id="author">AUTHOR<a class="headerlink" href="#author" title="Permanent link">¶</a></h2> <p><a href="https://the13thletter.info">Marco Ricci</a> (<code>software</code> at <code>the13thletter</code> dot <code>info</code>)</p> <h2 id="bugs">BUGS<a class="headerlink" href="#bugs" title="Permanent link">¶</a></h2> <ul> <li> <p>The defaults are dictated by <i>vault</i>(1), necessitating the <a href="#compatibility-and-extension-options">“Compatibility and extension options”</a>. (WONTFIX.)</p> </li> <li> <p>The Windows version does not support SSH keys because Python on Windows does not support the predominant type of inter-process communication used by SSH agents on Windows.</p> </li> </ul> </article> </div> </div> </main> <footer class="md-footer"> <nav class="md-footer__inner md-grid" aria-label="Footer" > <a href="../derivepassphrase.1/" class="md-footer__link md-footer__link--prev" aria-label="Previous: derivepassphrase(1)"> <div class="md-footer__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </div> <div class="md-footer__title"> <span class="md-footer__direction"> Previous </span> <div class="md-ellipsis"> derivepassphrase(1) </div> </div> </a> <a href="../derivepassphrase-export.1/" class="md-footer__link md-footer__link--next" aria-label="Next: derivepassphrase-export(1)"> <div class="md-footer__title"> <span class="md-footer__direction"> Next </span> <div class="md-ellipsis"> derivepassphrase-export(1) </div> </div> <div class="md-footer__button md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg> </div> </a> </nav> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class="md-copyright"> <div class="md-copyright__highlight"> Copyright © 2025 Marco Ricci (the-13th-letter) </div> Made with <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener"> Material for MkDocs </a> and <a href="https://mkdocstrings.github.io/python/" target="_blank" rel="noopener"> mkdocstrings-python </a> </div> </div> </div> </footer> </div> <div class="md-dialog" data-md-component="dialog"> <div class="md-dialog__inner md-typeset"></div> </div> </body> </html>
