Rooster is an open source password manager that works from a terminal. It's designed to be secure, offline-first and cheap to maintain so that it never goes unmaintained.
I created Rooster in 2015 for my own needs. Back then, I used an online password manager but always found them kind of difficult to use. On top of that, saving passwords online felt insecure and would prove to be only a few months after work on Rooster started.
Since then, the project has received multiple third-party contributions, which reinforces my feeling that the project is useful.
Rooster guides you through the installation process.
After installation, type rooster init, and you'll be walked through choosing your "Master Password", the one and only password you'll need to remember. This password will secure all of your other passwords.
Alright, now that Rooster is set up, let's move on to adding passwords.
Rooster gives you two ways to save passwords.
The first and recommended way to add a password is to let Rooster generate it for you. By default, passwords generated by Rooster are 32 characters long, with at least one lowercase, one uppercase, one number and one special character (punctuation and such).
To let Rooster generate a password, type rooster generate <website> <username>, replacing <website> with the name of the website and <username> with your username/email. For instance, for a Gmail account, you might do rooster generate Google email@example.com.
You can then copy the password to the clipboard with rooster get Google or display it in the terminal with rooster get -s Google:
You may also choose to generate alphanumeric passwords with the -a option and change the length of the password with the -l option. For instance, for an alphanumeric password with 8 characters, type rooster generate -a -l8 Google firstname.lastname@example.org.
Sometimes, you may want to set a custom password. You can do that with rooster add Google email@example.com and Rooster will walk you through adding your password.
Again, you can then retrieve it with rooster get Google:
Most Rooster commands will copy the password you just edited to your clipboard so you can swiftly paste it where you need to.
rooster get Google will copy to the clipboard:
You may also search part of a website's name, and Rooster will ask you which website you meant. For instance, if two of your websites contain "gg" ("GooGle" or "discord.GG", see "fuzzy searching"), typing rooster get gg will ask what you mean:
You may use the -s option to display the password in the terminal instead of copying it to your clipboard.
Rooster allows you to delete passwords you no longer need. It's as simple as typing rooster delete <website>. For instance, rooster delete Google will remove Google from your password file.
Finding weak passwords
Rooster gives you an easy, offline way to check if you have any weak passwords. Simply type rooster weak and Rooster will generate a report, which you can then use to decide which passwords to change.
For instance, if I have a strong password for my Google account but a weak password for my Facebook account, this is what the report will look like:
Weak password detection works using Dropbox's "Low-Budget Password Strength Estimation" method.
By default, Rooster works offline. It never connects to the internet, at any point. All passwords are stored in a single file, which you may sync in something like Dropbox if you so choose. But it's completely optional.
Rooster uses state-of-the-art security algorithms so that even if you do lose your password file, it should be hard enough to crack that you'd have time to change your passwords before being compromised.
The scrypt key derivation function is used to create the encryption/decryption key for the authenticated encryption, which is done through aes-256-cbc for encryption and hmac-sha256 for authentication.
In case you'd like to learn more, here are the Wikipedia pages for:
- scrypt: https://en.wikipedia.org/wiki/Scrypt
- aes-256-cbc: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- sha-256: https://en.wikipedia.org/wiki/SHA-2
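The construction described above, as an added example (not Rooster's own code): scrypt stretches the master password into an encryption key and an authentication key, and the HMAC-SHA256 tag is verified before any AES-256-CBC decryption is attempted. The scrypt parameters, the 64-byte key split, the blob layout and the function names are assumptions; the AES step itself is left to a crypto library, with random bytes standing in for the ciphertext.

```python
import hashlib
import hmac
import os

# Assumed values for illustration; the page does not give Rooster's parameters or file layout.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN, IV_LEN, TAG_LEN, AES_BLOCK = 32, 16, 32, 16

def derive_keys(master_password, salt):
    """Stretch the master password with scrypt into separate AES-256 and HMAC keys."""
    okm = hashlib.scrypt(master_password.encode("utf-8"), salt=salt, n=SCRYPT_N,
                         r=SCRYPT_R, p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=64)
    return okm[:32], okm[32:]  # (encryption key, authentication key)

def seal(mac_key, salt, iv, ciphertext):
    """Encrypt-then-MAC: the tag covers salt, IV and ciphertext, so none can be altered."""
    tag = hmac.new(mac_key, salt + iv + ciphertext, hashlib.sha256).digest()
    return salt + iv + ciphertext + tag

def open_blob(master_password, blob):
    """Return (enc_key, iv, ciphertext) only if the tag verifies; otherwise raise."""
    body_len = len(blob) - SALT_LEN - IV_LEN - TAG_LEN
    if body_len < AES_BLOCK or body_len % AES_BLOCK:
        raise ValueError("malformed password file")
    salt = blob[:SALT_LEN]
    iv = blob[SALT_LEN:SALT_LEN + IV_LEN]
    ciphertext = blob[SALT_LEN + IV_LEN:-TAG_LEN]
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    # Constant-time comparison; a wrong password and a tampered file fail the same way.
    if not hmac.compare_digest(blob[-TAG_LEN:], expected):
        raise ValueError("wrong master password or modified file")
    return enc_key, iv, ciphertext  # only now is it safe to run AES-256-CBC decryption

if __name__ == "__main__":
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    ciphertext = os.urandom(3 * AES_BLOCK)  # constructed stand-in for AES-256-CBC output
    blob = seal(derive_keys("correct horse", salt)[1], salt, iv, ciphertext)
    print(open_blob("correct horse", blob)[2] == ciphertext)
```

Checking the tag before decrypting matters with CBC in particular: unauthenticated CBC ciphertext can be modified in predictable ways, and padding errors on attacker-altered data can leak information.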
Exporting password data
Rooster does not lock you in. You can export your data in JSON format at any time using rooster export. Here's what that might look like:
This is recommended only for moving to another password manager. For backup purposes, simply copying your password file is sufficient and more secure.
This page covers the basics. But Rooster has more to offer. You can discover all of its commands with