NodeJS script checking whether any of the passwords used online are compromised.
It uses the ';--have i been pwned? V3 API, specifically the `GET https://api.pwnedpasswords.com/range/{first 5 hash chars}` endpoint, to determine if a password is compromised.
- Node >= v17
- Clone the repo ☝️, for example:

  ```shell
  git clone https://github.com/koalyptus/check-my-secrets.git
  ```
- Install all the requirements:

  ```shell
  npm install
  ```
- Create a `.env` file in the same location as this README with the following definitions:

  ```shell
  # Replace the curly brackets too!
  # Encryption key used by Keyring
  ENCRYPTION_KEY={your-encryption-key-here}
  # Symbol used to separate passwords, defaults to `,`
  PWDS_SEPARATOR={separator_here}
  # Key used by Keyring to store the comma (or symbol of your choice) separated passwords
  PWDS_KEY=checkmysecrets.{your-key-for-passwords}
  ```
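  Default values used when there is no `.env` file:

  - `ENCRYPTION_KEY`: `hello-world-123`
  - `PWDS_SEPARATOR`: `,`
  - `PWDS_KEY`: `checkmysecrets.pwds`

  Please note that failing to provide a `.env` file poses obvious security risks, as the encryption key is publicly disclosed here.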
- On the command line, use the following command to store the comma-separated (or any symbol of your choice) passwords in Keyring:

  ```shell
  keyring store -k checkmysecrets.{PWDS_KEY HERE} -v 'my-password,another-password' -e -p {ENCRYPTION_KEY HERE}
  ```

  To list the passwords, use the following command:

  ```shell
  keyring retrieve -k 'checkmysecrets.{PWDS_KEY HERE}' -d -p '{ENCRYPTION_KEY HERE}'
  ```
- Finally, use the `npm start` command to check the integrity of your passwords, or alternatively `node bin/check-my-secrets`. Depending on the OS, a notification similar to the one below should pop up: