I recently came across a post on using vim as a password manager so I thought I'd post a companion article on using ed(1) as a password manager.

The main goal is to be able to keep the secrets encrypted at all times on disk, only decrypting within the active ed(1) session.

BSD ed(1) offers an x command (well, OpenBSD removed it in revision 1.37 of /src/bin/ed/main.c "because DES") that allows for weak DES encryption of the file. However, we want stronger encryption and portability between various versions of ed(1) so will ignore this option.

Writing our encrypted password file to disk

To begin, we'll open up ed(1) and add some password content

user@hostname$ ed a https://example.com Username: demo Password: Pa$$w0rd1 imaps://example.edu Username: jstudent@example.edu Password: ed(1)uc8 .

Now, instead of writing the unencrypted password file, we'll use gnupg to encrypt the file and write it out to the disk by piping the file through gpg instructing it to write to our password file. Note the trailing " - " which tells gpg to read the input from stdin . gpg will prompt for a passphrase and confirmation of that password.

w !gpg --symmetric --output passwords.gpg - Enter passphrase: Password1 Repeat passphrase: Password1 127

ed(1) informs us that it successfully piped our 127 bytes of data through gpg but we can confirm that the passwords.gpg file was written and then we can quit to go about our day:

!ls passwords.gpg passwords.gpg ! q

Reading our encrypted password file from disk

Now, we want to be able to look up a password to enter at some future point. So we fire up ed(1) and decrypt our passwords.

user@hostname$ ed r !gpg --decrypt passwords.gpg Enter passphrase: Password1

We want to look up our log-in credentials for our email server so we issue

?imap.*edu imaps://example.edu + Username: jstudent@example.edu + Password: ed(1)uc8 Q

(Yes, using " + " can be replaced with just hitting " <Enter> ") Alternatively, we could use grep(1) or sed(1) to filter the results and show some context:

user@hostname$ gpg --decrypt passwords.gpg | grep -A2 example.com Enter passphrase: Password1 https://example.com Username: demo Password: Pa$$w0rd1 user@hostname$ gpg --decrypt passwords.gpg | sed -n '/example.com/,/^$/p' Enter passphrase: Password1 https://example.com Username: demo Password: Pa$$w0rd1

Modifying our password lists

Now we want to modify our document and/or change our master-password:

user@hostname$ ed r !gpg --decrypt passwords.gpg Enter passphrase: Password1 127 3s/Pa..w0rd1/Pbuttwrd1 Password: Pbuttwrd1 $a https://twitter.com/ Username: ed1conf Password: EyeDonutThinkSew . w !gpg --symmetric --output passwords.gpg - Enter passphrase: NewPassword2 Repeat passphrase: NewPassword2 File `passwords.gpg` exists. Overwrite? (y/N) y 194