stash

Simple password manager shell script
Log | Files | Refs | README
commit 655847d143f24f1f4d5181998b8e74e031849a0e
parent a4fd86deffa0c687ba88c15c0366c0dafff13449
Author: Luke Willis <lukejw@loquat.dev>
Date:   Tue,  9 Dec 2025 12:47:16 -0500

Add README.md

Diffstat:

AREADME.md | 37+++++++++++++++++++++++++++++++++++++


1 file changed, 37 insertions(+), 0 deletions(-)

diff --git a/README.md b/README.md
@@ -0,0 +1,37 @@
+# STA.SH
+Sta.sh is a simple password mananger shell script.
+
+## Features
+- Simple keyboard-driven UI via [tofi](https://github.com/philj56/tofi)
+  - Wayland-only. I might add support for
+    [dmenu](https://tools.suckless.org/dmenu) as an x11 option in the future.
+- Securely encrypted data via [age](https://age-encryption.org/)
+  - All information is encrypted by a master key, which itself is encrypted by a
+    master password of the user's choice.
+- OTP 2FA via [oath-toolkit](https://oath-toolkit.codeberg.page/)
+  - Simply set the otp field to your secret and the 6-digit code will be
+    automatically generated when you access it.
+- Arbitrary fields
+  - When in the 'modify' menu for a login, you can simply type anything and it
+    will be saved as a field.
+- Quick logins
+  - When quick login is activated for a certain account, it will queue existing
+    username, password and otp fields in that order onto your clipboard. This
+    means you can just hit paste 3 times and they will automatically be pasted
+    in the right order. I found this was a good balance between a browser
+    extension auto-filling fields and manually copying them.
+
+## Motivation
+I've been feeling dissatisfied with contemporary password managers, so I decided
+ to write my own. I am pretty happy with the result.
+ 
+## TODO
+- Add the ability to initialize sta.sh outside of the terminal
+  - I'm either going to have to patch age again to support this or use some kind
+    of multiplexer to simulate user input.
+- Require master password when changing fields
+  - It's one thing to require a password to decrypt information, but it's still
+    too easy to just overwrite all of someone's information in order to lock
+    them out.
+- Rewrite in C / Rust?
+  - Would be more secure (I think).