Himitsu

From ArchWiki

Himitsu is a secure secret storage system for Unix-like systems. It is extensible and suitable for storing passwords, private keys, logins, etc.

Himitsu secrets are stored in a arbitrary key/value store, accessible via a daemon. Himitsu also provides a command-line interface and query language for the store.

Installation

Install the himitsuAUR package.

You will also need a Himitsu prompter: hiprompt-gtk-pyAUR.

Setup

The himitsu(7) man page is worth reading. The following is a guide specific to an Arch Linux installation of himitsuAUR.

Firstly, you will need a himitsu secstore (secrets store) and some basic configuration. Initialize these with himitsu-init(1).

$ himitsu-init

You will then need to configure Himitsu to use your prompter of choice. Edit the himitsu.ini(5) config file. For example, for hiprompt-gtk-pyAUR:

~/.config/himitsu/config.ini
[himitsud]
prompter=hiprompt-gtk

The Himitsu daemon himitsud(1) can now be run. The Himitsu package comes with a systemd user unit, himitsud.service. Starting/enabling it runs himitsud in the background.

Setup should be complete.

Usage

Use the hiq(1) command to query and manage the keystore.

Integrations

Himitsu has integrations for various software, available from the AUR.

SSH

The himitsu-sshAUR package provides an SSH agent and utilities for using and storing SSH keys in the Himitsu keystore.

For ssh to use the Himitsu SSH agent, it is required that:

See hissh-agent(1).

With that, ssh will consult the Himitsu keystore for SSH key data.

Firefox

The himitsu-firefoxAUR package provides the backend (a native messaging component) for the official Firefox Himitsu Add-on. Once both installed, Firefox can consult the Himitsu keystore for logins/passwords, from keystore entries with the proto=web key-value pair. The add-on implements the "web" protocol.