cPasswords
cPasswords is a group password manager develop by the CRANS.
Client installation
Please install
python3 gettext python3-paramiko python3-pyperclip python3-gpg
and xclip
(optionnal).
- Add you GPG fingerprint and your SSH key to the cpassword server. For the CRANS, you can do this on the intranet.
- Clone the code,
git clone git@gitlab.crans.org:nounous/cranspasswords.git
, - Launch
pip3 install --user .
, - Make sure the install path (
~/.local/bin
) is in your$PATH
, - Try
cranspasswords test
to decrypt a test password.
Server installation
- Clone the code,
git clone git@gitlab.crans.org:nounous/cranspasswords.git
, - Launch
pip3 install --user .
, - Add a sudoers rule to enable users from
sudoers_group
to launch cpasswords,%sudoers_group ALL=(root) NOPASSWD: /usr/local/bin/cranspasswords-server
- Copy and adapt
docs/serverconfig.example.py
to/etc/cranspasswords/serverconfig.py
. - Create
/var/lib/cranspasswords/db/
with owner root and mod 700 (root only).
How to
Develop
With a Python virtualenv,
python3 -m venv venv
. venv/bin/activate
pip install -e .
Then you will be able to launch the client with cpasswords
or the server with cpasswords-server
.
Update recipients
If you added a recipient in a role, you should use --recrypt
to recrypt
all files.
Change command name
If you wish to rename the command from cranspasswords
to something
else, define COMMAND_NAME
environment variable before executing
pip install
during the installation of the client or server.
Import cPasswords
To import client.py
from another script, you may need to specify
where is his configuration :
export CRANSPASSWORDS_CLIENT_CONFIG_DIR=/path/to/config/dir/
Build Debian package
You need to install debmake dh-python debhelper python3-all
.
Then in the repository root you can run dpkg-buildpackage
.
The build files will be in ../
.
Install completion
With bash, you can add to ~/.bashrc
:
source <this repo path>/docs/bash_completion
complete -F _cranspasswords_completion <command name>
Troubleshoutings
To troubleshot, you -vv
option to activate debug.
""“sudo: sorry, a password is required to run sudo”""
Check sudoers file on server side.