Himitsu
Himitsu is a secure secret storage system for Unix-like systems. It is extensible and suitable for storing passwords, private keys, logins, etc.
Himitsu secrets are stored in a arbitrary key/value store, accessible via a daemon. Himitsu also provides a command-line interface and query language for the store.
Installation
Install the himitsuAUR package.
You will also need a Himitsu prompter: hiprompt-gtk-pyAUR.
Setup
The himitsu(7) man page is worth reading. The following is a guide specific to an Arch Linux installation of himitsuAUR.
Firstly, you will need a himitsu secstore (secrets store) and some basic configuration. Initialize these with himitsu-init(1).
$ himitsu-init
You will then need to configure Himitsu to use your prompter of choice. Edit the himitsu.ini(5) config file. For example, for hiprompt-gtk-pyAUR:
~/.config/himitsu/config.ini
[himitsud] prompter=hiprompt-gtk
The Himitsu daemon himitsud(1) can now be run.
The Himitsu package comes with a systemd user unit, himitsud.service.
Starting/enabling it runs himitsud in the background.
Setup should be complete.
Usage
Use the hiq(1) command to query and manage the keystore.
Integrations
Himitsu has integrations for various software, available from the AUR.
SSH
The himitsu-sshAUR package provides an SSH agent and utilities for using and storing SSH keys in the Himitsu keystore.
For ssh to use the Himitsu SSH agent, it is required that:
- The agent is running (enable/start the included
hissh-agent.serviceuser unit). - The
$SSH_AUTH_SOCKenvironment variable is set to the Himitsu SSH agent's socket (i.e.$XDG_RUNTIME_DIR/hissh-agent).
See hissh-agent(1).
With that, ssh will consult the Himitsu keystore for SSH key data.
Firefox
The himitsu-firefoxAUR package provides the backend (a native messaging component) for the official Firefox Himitsu Add-on.
Once both installed, Firefox can consult the Himitsu keystore for logins/passwords, from keystore entries with the proto=web key-value pair.
The add-on implements the "web" protocol.