How to create a simple CLI password manager using python with encryption

Password managers are useful tools that help you store and manage your passwords securely. They can also generate strong and random passwords for you, so you don't have to remember them or use the same password for multiple accounts. However, some people may not trust third-party password managers or may want to have more control over their own data. In this blog post, I will show you how to create a simple command-line interface (CLI) password manager using python with encryption.

The basic idea is to use a python module called cryptography to encrypt and decrypt your passwords using a master password that only you know. You will also use another module called click to create a user-friendly CLI that allows you to add, update, delete and view your passwords. The passwords will be stored in a JSON file that will be encrypted and decrypted on the fly.

To get started, you will need to install the cryptography and click modules using pip:

pip install cryptography click
```

Then, you will need to create a python file (let's call it passman.py) and import the modules:

```

import json
import os
import click
from cryptography.fernet import Fernet
```

Next, you will need to define some helper functions that will handle the encryption and decryption of the JSON file. The first function will generate a key from your master password using a key derivation function (KDF). The second function will encrypt the JSON file using the key and the Fernet class from the cryptography module. The third function will decrypt the JSON file using the same key and Fernet class.

```python
def generate_key(password):
# Generate a key from the password using PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend
salt = b'\x9c\x8f\x1a\x0f\x0c\x9d\x1a\x8b' # A random salt
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend()
)
key = kdf.derive(password.encode()) # Derive the key from the password
return key

def encrypt_file(file_name, key):
# Encrypt the file using Fernet
fernet = Fernet(key) # Create a Fernet object with the key
with open(file_name, 'rb') as f: # Open the file in binary mode
data = f.read() # Read the file content
encrypted_data = fernet.encrypt(data) # Encrypt the data
with open(file_name, 'wb') as f: # Open the file in binary mode again
f.write(encrypted_data) # Write the encrypted data

def decrypt_file(file_name, key):
# Decrypt the file using Fernet
fernet = Fernet(key) # Create a Fernet object with the key
with open(file_name, 'rb') as f: # Open the file in binary mode
data = f.read() # Read the encrypted data
decrypted_data = fernet.decrypt(data) # Decrypt the data
with open(file_name, 'wb') as f: # Open the file in binary mode again
f.write(decrypted_data) # Write the decrypted data
```

Now, you will need to create a JSON file (let's call it passwords.json) that will store your passwords in a dictionary format. For example:

```json
{
"gmail": {
"username": "your_email@gmail.com",
"password": "your_password"
},
"facebook": {
"username": "your_username",
"password": "your_password"
}
}
```

You can add as many accounts as you want, but make sure to use unique keys for each account. You will also need to encrypt this file using your master password and one of the helper functions:

```python
file_name = 'passwords.json' # The name of the JSON file
master_password = input('Enter your master password: ') # Ask for the master password
key = generate_key(master_password) # Generate a key from the master password
encrypt_file(file_name, key) # Encrypt the file with the key
```

You can run this code once to encrypt your JSON file and then comment it out or delete it. You don't want to encrypt your file every time you run your program.