DEV Community

Cover image for Simplify Password Management with the 'pass' Command-Line Password Manager
Anant Mishra
Anant Mishra

Posted on

Simplify Password Management with the 'pass' Command-Line Password Manager

Introduction

In this blog post, we will explore the Pass - command-line password manager, which provides a secure and convenient way to manage your passwords. We will start with the initial setup, including generating a GPG key, and then proceed to cover storing, retrieving, and removing passwords using 'pass'. We will also discuss additional tips and best practices for using 'pass' effectively.

Initial setup

πŸ”‘ Generating a GPG Key

The first step to setting up the 'pass' password manager is generating a GPG (GNU Privacy Guard) key. GPG provides encryption and decryption functionality, securing your passwords in the 'pass' password store. To generate a GPG key, use the following command:

$ gpg --gen-key
Enter fullscreen mode Exit fullscreen mode

You will be prompted to enter your name and email address. Additionally, you will be asked to set a passphrase.

Note
This passphrase is crucial as it acts as the master password for all your passwords, so make sure to choose a strong and memorable passphrase.

Copy your GPG Key 6G5E33C8EDF352343243256F23FW23A06C20 from the output

pub ...
6G5E33C8EDF352343243256F23FW23A06C20
Enter fullscreen mode Exit fullscreen mode

πŸ”’ Installing pass

Next, you need to install the 'pass' password manager on your system. The installation process may vary depending on your distribution. Here are a few examples:

sudo dnf install pass # Fedora
sudo apt install pass # Debian/Ubuntu/PopOS!
...
Enter fullscreen mode Exit fullscreen mode

Now your πŸ”’ + πŸ”‘ are ready, so create a 'password-store'

$ pass init <GPG KEY>
# pass init 6G5E33C8EDF352343243256F23FW23A06C20
Enter fullscreen mode Exit fullscreen mode

a directory .password-store will be created in your HOME, this dir stores all your passwords (that simple it is!)

Storing passwords

  • Inserting your own password

You want to store your Github password but you have two personal and work accounts, do this

$ pass insert github/personal
Enter password for github/personal: ...
$ pass insert github/work
Enter password for github/work: ...
Enter fullscreen mode Exit fullscreen mode

Checkout .password-store, it'll look like this

πŸ“‚  .password-store
└── πŸ“‚ github
   β”œβ”€β”€ πŸ”‘ personal.gpg
   └── πŸ”‘ work.gpg
Enter fullscreen mode Exit fullscreen mode
  • Generating random password
$ pass generate github/personal
Enter fullscreen mode Exit fullscreen mode

A random password will be generated and stored under the specified label.

Retrieving passwords

To retrieve your stored passwords, you will need to provide the passphrase you set during the GPG key generation. Here are two ways to retrieve passwords:

  • Show password in terminal
$ pass show github/personal
YOUR_PASSWORD
Enter fullscreen mode Exit fullscreen mode
  • Copy password in clipboard for 45 seconds
$ pass show -c github/personal
Copied github/personal to clipboard. Will clear in 45 seconds.
Enter fullscreen mode Exit fullscreen mode

Removing passwords

$ pass rm github/personal
Are you sure you would like to delete github/personal? [y/N]
removed '/home/USER/.password-store/github/personal.gpg'
Enter fullscreen mode Exit fullscreen mode

Conclusion

Checkout offical website for pass https://www.passwordstore.org/ to learn more.

There are many UI interfaces available for pass, if you use GNOME I have one for you...

GitHub logo Anant-mishra1729 / Pass-zenity

Simple GUI interface of pass linux with zenity gui

Pass-zenity

Simple GUI interface of pass linux command with zenity gui image

Installation

  • Clone this repository
git clone https://github.com/Anant-mishra1729/Pass-zenity.git
cd Pass-zenity
  • Make all files executable
chmod u+x pass*
  • Place all the files except README.md in ~/.local/bin, create ~/.local/bin directory if it doesn't exist
mv pass* ~/.local/bin/
  • Add keyboard shortcuts for easy access image

About

pass-plugin

To access all the 3 plugins (generate, show, remove)

pass-generate

Generates password for username

  • If password is not provided random password is generated for that username.
  • If username already exists the ui will ask for whether to overwrite the password or not. image

pass-show

Gives a list preview of all usernames

  • Usernames are searchable
  • After selecting usernames, the password will be copied to clipboard for 45 seconds. image

pass-remove

image

Remember to refer to the 'pass' documentation or run man pass in the terminal for more detailed information on additional features and advanced usage of the 'pass' command-line password manager.

Top comments (2)

Collapse
 
cipharius profile image
Valts Liepiņő

I actually recently started using pass myself and can really recommend it to anyone who enjoys CLI tools.

For a long while I was being lazy with my password hygiene, because the password managers I knew about were either too much of a hassle to use or weren't trustable enough.

Pass solves both of these problems really well. First of all, it uses well known and trusted tools for managing the secrets(gpg, git, your $EDITOR) thus I don't have to worry about my secrets being leaked by a "cloud" blackbox service. As for the second point, pass being a single bash script that uses widely available tools, I can easily put it anywhere(personal computers, VPS, android phone via termux) and sync password using git with the password repository stored on VPS for easy access from multiple devices.

Though do note that with great privacy comes the risk of losing all your secrets if you lose the master password or the private key itself, so make sure you back up both the password repository and it's gpg keypair.

Collapse
 
anantmishra1729 profile image
Anant Mishra

One thing I forgot to mention, we can use git in pass in case we remove a password by mistake, we can recover it again using git.