pwcipher is a lightweight and secure command-line password manager. It utilizes SQLCipher to provide transparent 256-bit AES encryption for your SQLite database, ensuring your credentials remain safe even if the database file is compromised.
- Pro Encryption: Powered by SQLCipher with 256-bit AES encryption.
- Elegant CLI: A high-end, colorized interface with intuitive flow.
- Smart Search: Quickly find accounts by name or specific ID.
- Advanced Rekeying: Seamlessly change your master password, encrypt a plaintext database, or decrypt to standard SQLite.
- Full CRUD: Add, Edit, Delete, and List operations.
Unlike standard SQLite, which stores data in plaintext, pwcipher uses SQLCipher to encrypt every page of the database file.
- Algorithm: 256-bit AES encryption.
- Key Derivation: Uses PBKDF2 with a high iteration count.
- Page-level Encryption: Ensures that no metadata or structure is visible without the master key.
Learn more at the official SQLCipher GitHub Page.
pwcipher displays results in a structured format:
[ACCOUNT] GOOGLE ADMIN (ID: 52)
------------------------------------------------
LOGIN : admin@google.com
PASS : somenicepass
URL : https://account.google.com
INFO : Example of an account entry
The 2FA example codes are:
4829 3012
9012 3456
1122 3344
5566 7788
You must have the sqlcipher command-line tool installed.
- macOS (Homebrew):
brew install sqlcipher - Ubuntu/Debian/WSL:
sudo apt update && sudo apt install sqlcipher - Fedora:
sudo dnf install sqlcipher - Arch Linux:
sudo pacman -S sqlcipher
Download the script and make it executable:
chmod +x pwcipher
pwcipherOn the first run, the Initial Setup wizard will guide you through creating your database and setting your master password.
| Command | Description |
|---|---|
pwcipher --help |
Display detailed help and instructions. |
pwcipher [TERM] |
Search for an account name or a specific ID. |
pwcipher -a |
Add a new account entry. |
pwcipher -e [ID] |
Edit an existing account (leave fields blank to skip). |
pwcipher -d [ID] |
Delete an account entry (requires confirmation). |
pwcipher -f |
List the entire database contents. |
pwcipher -r |
Rekey, Encrypt, or Decrypt the database. |
pwcipher -w |
Wipe all database entries (Dangerous!). |
When adding or editing the INFO field:
- Type your text.
- Press Enter for new lines.
- Press Ctrl+D on a new line to Save and Finish.
Use the -r option to enter the Encryption Settings menu:
- Change Password: Enter and confirm your new password.
- Encrypt: If your DB is currently plaintext, use this to set a password.
- Decrypt: Leave the new password field blank and type
DECRYPTto remove all encryption.
MIT License — Copyright (c) 2025 nodefive
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.