# derivepassphrase(1)
## NAME
derivepassphrase – derive a strong passphrase, deterministically, from
a master secret
## SYNOPSIS
````
derivepassphrase [OPTIONS] [SERVICE]
````
## DESCRIPTION
Using a master passphrase or a master SSH key, derive a passphrase for
SERVICE, subject to length, character and character repetition
constraints. The derivation is cryptographically strong, meaning that even
if a single passphrase is compromised, guessing the master passphrase or
a different service's passphrase is computationally infeasible. The
derivation is also deterministic, given the same inputs, thus the resulting
passphrase need not be stored explicitly. The service name and constraints
themselves also need not be kept secret; the latter are usually stored in
a world-readable file.
If operating on global settings, or importing/exporting settings, then
SERVICE must be omitted. Otherwise it is required.
## OPTIONS
### Password generation
-p, --phrase
: prompts you for your passphrase
-k, --key
: uses your SSH private key to generate passwords
-l, --length NUMBER
: emits password of length NUMBER
-r, --repeat NUMBER
: allows maximum of NUMBER repeated adjacent chars
--lower NUMBER
: includes at least NUMBER lowercase letters
--upper NUMBER
: includes at least NUMBER uppercase letters
--number NUMBER
: includes at least NUMBER digits
--space NUMBER
: includes at least NUMBER spaces
--dash NUMBER
: includes at least NUMBER `-` or `_`
--symbol NUMBER
: includes at least NUMBER symbol chars
Use NUMBER=0, e.g. `--symbol 0`, to exclude a character type from
the output.
### Configuration
-n, --notes
: spawn an editor to edit notes for SERVICE
-c, --config
: saves the given settings for SERVICE or global
-x, --delete
: deletes settings for SERVICE
--delete-globals
: deletes the global shared settings
-X, --clear
: deletes all settings
Use `$VISUAL` or `$EDITOR` to configure the spawned editor.
### Storage management
-e, --export PATH
: export all saved settings into file PATH
-i, --import PATH
: import saved settings from file PATH
Using `-` as PATH for standard input/standard output is supported.
### Other Options
--version
: Show the version and exit.
-h, --help
: Show this message and exit.
## WARNINGS
There is **no way** to retrieve the generated passphrases if the master
passphrase, the SSH key, or the exact passphrase settings are lost,
short of trying out all possible combinations. You are **strongly**
advised to keep independent backups of the settings and the SSH key, if
any.
## CONFIGURATION
Configuration is stored in a directory according to the
`$DERIVEPASSPHRASE_PATH` variable, which defaults to `~/.derivepassphrase` on
UNIX-like systems and `C:\Users\\AppData\Roaming\Derivepassphrase` on
Windows. The configuration is **not** encrypted, and you are **strongly**
discouraged from using a stored passphrase.
## SEE ALSO
[vault(1)](https://github.com/jcoglan/vault)