Himitsu

Himitsu is a secure secret storage system for Unix-like systems. It is extensible and suitable for storing passwords, private keys, logins, etc.

Himitsu secrets are stored in a arbitrary key/value store, accessible via a daemon. Himitsu also provides a command-line interface and query language for the store. Himitsu is designed for various integrations and frontends, including the graphical himitsu-keyring application.

Installation

Install the himitsu^AUR or himitsu-git^AUR package.

You will also need a Himitsu prompter: hiprompt-gtk-py^AUR.

Configuration

The himitsu(7) man page is worth reading. The following is a guide specific to an Arch Linux installation of himitsu^AUR.

Firstly, you will need a himitsu secstore (secrets store) and some basic configuration. Initialize these with himitsu-store(1).

$ himitsu-store -i

You will then need to configure Himitsu to use your prompter of choice. Edit the himitsu.ini(5) config file. For example, for hiprompt-gtk-py^AUR:

~/.config/himitsu/config.ini

[himitsud]
prompter=hiprompt-gtk

The Himitsu daemon himitsud(1) can now be run. The Himitsu package comes with a systemd user unit, himitsud.service. Starting/enabling it runs himitsud in the background.

Usage

Use the hiq(1) command to query and manage the keystore.

You can manage the keystore graphically using himitsu-keyring^AUR.

Integrations

Himitsu has integrations for various software.

SSH

The himitsu-ssh^AUR package provides an SSH agent and utilities for using and storing SSH keys in the Himitsu keystore.

For ssh to use the Himitsu SSH agent, it is required that:

The agent is running (enable/start the included hissh-agent.service user unit).
The $SSH_AUTH_SOCK environment variable is set to the Himitsu SSH agent's socket (i.e. $XDG_RUNTIME_DIR/hissh-agent).

See hissh-agent(1).

With that, ssh will consult the Himitsu keystore for SSH key data.

Firefox

The himitsu-firefox^AUR package provides the backend (a native messaging component) for the official Firefox Himitsu Add-on. Once both installed, Firefox can consult the Himitsu keystore for logins/passwords, from keystore entries with the proto=web key-value pair. The add-on implements the "web" protocol.