My name is Philipp C. Heckel and I write about nerdy things.

Simsafe: Simple command-line password safe

Linux, Scripting, Security

Simsafe: Simple command-line password safe

Nowadays, it appears to me as if almost everything in the big and fancy world of IT comes with the need to sign up and create an account. Every little online tool, every social networking site and of course every instant messenger account. System administrators hits it even harder: The setup of a server machine requires to create lots of different users for every kind of service, — be it Postfix, Sendmail, Courier, MySQL, PostgreSQL, etc. Most of them require some kind of super-user password or account.

This is where a password manager comes in handy: Open the password vault by typing in the master password, put in all you secrets and crucial information, save it and be happy. As if!

Almost every password manager I found on the Web was crowded out by details so that it took minutes to add a single account. What I wanted was something like a text-file with password — and that’s what I made: A simple command-line password safe.

How it works

Simsafe is nothing else but a simple Perl script wrapped around the symmetric encryption functions of GPG. Every box with GPG and Perl installed can hence use the script (= every linux box!). And even if the simsafe-script is not installed on the system, a simple gpg –decrypt FILE shows the plain text contents. That is, Simsafe files are nothing more but text-files with password!


It’s simple and really easy to use.

Create a new password safe file

Adding/Removing entries to the password vault

Get it!

It’s a reeeaallly small script and this post is possible longer than the perl-file itself, but here it is. Simply download it, make it executable and put it somewhere in your PATH.

Download: Simsafe v0.1, Apr. 2009


  1. Anarcat

    Passing the GPG password through a password file hardly seems like appropriate security for a password manager. People are worried about putting that password in *memory* (because it may eventually be written to disk through swap), so you should be more careful. If I remember this right, there’s a Perl API for GPG you could use, otherwise, there are ways to simply use gpg to prompt the password itself.