Add ward edit --gen #2

Open
schmich opened this issue Feb 15, 2016 · 5 comments

Owner

schmich commented Feb 15, 2016

Allow user to use the password generator when editing a credential.


sergeevabc commented Apr 4, 2018

Is Ward not maintained anymore? Abandonware?

Owner Author

schmich commented Apr 4, 2018

I use ward every single day still, but admittedly, I've been negligent in maintaining it. I hit this issue every time I have to rotate passwords, so I realize how annoying it is.

Also, really, I have no idea how many people use this. Based off of the stars and feedback, I sort of assumed it was just me these days, so I've been willing to put up with the rough edges. I'll take a look at this issue sometime this weekend. It should be easy to fix.

As an aside, there are a few architectural changes I want to make. I'd be interested in your feedback:

  1. I'd like this to be a more generic credential manager, not just for passwords. Credit cards, checking account numbers, addresses, API tokens, security questions, anything sensitive. I've found myself storing these as "passwords", but they should really have first-class support.
  2. Lightweight browser extension. I prototyped a Chrome extension that kept nothing sensitive in memory, but instead shelled out to the ward binary to fetch and fill credentials for the current website. It's simpler, quicker, and (in some ways) safer than having to open a terminal, ward copy, and paste into a form every time. It could be a replacement for Chrome's form autocompletion, which I imagine is stored entirely plaintext (or is at least trivially decodable).
  3. GPG-based encryption instead of password-based encryption. This is a pretty fundamental change, but it gives people more flexibility. You can have multiple keys, you can password-protect your keys (to keep similar functionality), or you can even have a YubiKey/hardware-based GPG key for added security.

I know this is way more than what you were asking about, but it's where my head is at. Yes, I realize there are a thousand password managers that already do all of this in some way, but this has been a great outlet for me to learn and explore with.


sergeevabc commented Apr 5, 2018

Good morning, Chris.

The niche of password managers has already been developed, i.e. there are longtime favourites such as Keepass and Lastpass, so there is a basic set of features one expects to find before providing any feedback. Why would someone look for and try out ward? For the sake of simplicity as a supplement to the grand desktop password manager, then who knows, but not as a replacement in the first place. For example, I am going on a trip and would like to take a few credentials with me, which should be stored safely and accessed as easily as possible (slow/costly link, no admin privileges, no .NET/Java/GPG/etc).

Therefore, I expect ward to deliver basic features in a less bloated way than competitors. If you are able to design an interface to manage other sensitive information without harming password management, that’s fine. A browser extension might please someone, but it’s surely not what I expect from a CLI app, let alone the headache of cross-browser support. As for GPG, there is GoPass, an endeavour built around this geeky crypto, which I was not able to run because of paths’ mess, let alone it means a dependency.

Owner Author

schmich commented Apr 5, 2018

Thanks for the input. I appreciate it.

I am aware of Lastpass, Keepass, 1Password, etc. I've used them to varying degrees, and while I do like many aspects of them, I also see the bloat and surface area they expose.

As it currently stands, this project has a significantly smaller surface area. It's a glorified command-line interface to a SQLite database encrypted with Go encryption libraries. The entire system consists of two files with zero dependencies: the ward static binary and the .ward credential file. Syncing or otherwise transferring the .ward file is optional and left up to the user. It works entirely offline.

I've used this nearly every day since the project's inception almost two years ago, and it's worked well for me. As I mentioned, it could use some upkeep and love, but the majority of the issues are usability tweaks and quality-of-life changes.

If you're interested, try it out. If not, no worries. Regardless, thanks again for the feedback.


sergeevabc commented Apr 5, 2018

Chris, you repeat my words from the first paragraph; perhaps you read the reply too hastily. I used ward for a while and am well aware how it works. Hence the belief that ward should remain as simple and portable as possible, but become polished in terms of basic needs one expects from a password manager.
