Rooster is a open source password manager that works from a terminal. It's designed to be secure, offline-first and cheap to maintain so that is never goes unmaintained.

I created Rooster in 2015 for my own needs. Back then, I used an online password manager but always found them kind of difficult to use. On top of that, saving passwords online felt insecure and would prove to be only a few months after work on Rooster started.

Since then, the project has received multiple third party contributions, which reinforces my feeling that the project is useful.

Setting up

Rooster guides you through the installation process.

After installation, type rooster init, and you'll be walked through choosing your "Master Password", the one and only password you'll need to remember. This password will secure all of your other passwords.

rooster-init

Alright, now that Rooster is setup, let's move on to adding passwords.

Adding passwords

Rooster gives you two ways to save passwords.

Generated password

The first and recommended way to add a password is to let Rooster generate it for you. By default, passwords generated by Rooster are 32 characters long, with at least one lowercase, one uppercase, one number and one special character (punctuation and such).

To let Rooster generate a password, type rooster generate <website> <username>, replacing <website> with the name of the website and <username> with your username/email. For instance, for a Gmail account, you might do rooster generate Google example@gmail.com.

You can then copy the password to the clipboard with rooster get Google or display it in the terminal with rooster get -s Google:

rooster-generate

You may also choose to generate alphanumeric passwords with the -a option and change the length of the password with the -l option. For instance, for an alphanumeric password with 8 characters, type rooster generate -a -l8 Google example@gmail.com.

Custom password

Sometimes, you may want to set a custom password. You can do that with rooster add Google example@gmail.com and Rooster will walk you through adding your password.

Again, you can then retrieve it with rooster get Google:

rooster-add

Copy-pasting passwords

Most Rooster commands will copy the password you just edited to your clipboard so you can swiftly paste it where you need to.

For instance, rooster get Google will copy to the clipboard:

rooster-get

You may also search part of a website's name, and Rooster will ask you which website you meant. For instance, if two of your websites contain "gg" ("GooGle" or "discord.GG", see "fuzzy searching"), typing rooster get gg will ask what you mean:

rooster-get-suggestions

You may use the -s option to display the password in the terminal instead of copying it to your clipboard.

Deleting passwords

Rooster allows you to delete passwords you no longer need. It's as simple as typing rooster delete <website>. For instance, rooster delete Google will remove Google from your password file.

rooster-delete

Finding weak passwords

Rooster gives you an easy, offline, way to check if you have any weak passwords. Simply type rooster weak and Rooster will generate a report, which you can then use to decide which passwords to change.

For instance, if I have a strong password for my Google account but a weak password for my Facebook account, this is what the report will look like:

rooster-weak

Weak password detection works using Dropbox's "Low-Budget Password Strength Estimation" method.

Offline first

By default, Rooster works offline. It never connects to the internet, at any point. All passwords are stored in a single file, which you may sync in something like Dropbox if you so choose. But it's completely optional.

Security

Rooster uses state of the art security algorithms so that even if you do loose your password file, it should be hard enough to crack that you'd have time to change your passwords before being compromised.

The scrypt key derivation function is used to create the encryption/decryption key for the authenticated encryption, which is done through aes-256-cbc for encryption and hmac-sha256 for authentication.

In case you'd like to learn more, here are the Wikipedia pages for:

Exporting password data

Rooster does not lock you in. You can export you data in JSON format at any time using rooster export. Here's what that might look like:

rooster-export

This is recommended only for moving to another password manager. For backup purposes, simply copying your password file is sufficient and more secure.

Manual

This page covers the basics. But Rooster has more to offer. You can discover all of its commands with rooster --help:

rooster-help