Introduction
In this blog post, we will explore the Pass - command-line password manager, which provides a secure and convenient way to manage your passwords. We will start with the initial setup, including generating a GPG key, and then proceed to cover storing, retrieving, and removing passwords using 'pass'. We will also discuss additional tips and best practices for using 'pass' effectively.
Initial setup
🔑 Generating a GPG Key
The first step to setting up the 'pass' password manager is generating a GPG (GNU Privacy Guard) key. GPG provides encryption and decryption functionality, securing your passwords in the 'pass' password store. To generate a GPG key, use the following command:
$ gpg --gen-key
You will be prompted to enter your name and email address. Additionally, you will be asked to set a passphrase
.
Note
This passphrase is crucial as it acts as the master password for all your passwords, so make sure to choose a strong and memorable passphrase.
Copy your GPG Key 6G5E33C8EDF352343243256F23FW23A06C20
from the output
pub ...
6G5E33C8EDF352343243256F23FW23A06C20
🔒 Installing pass
Next, you need to install the 'pass' password manager on your system. The installation process may vary depending on your distribution. Here are a few examples:
sudo dnf install pass # Fedora
sudo apt install pass # Debian/Ubuntu/PopOS!
...
Now your 🔒 + 🔑 are ready, so create a 'password-store'
$ pass init <GPG KEY>
# pass init 6G5E33C8EDF352343243256F23FW23A06C20
a directory .password-store
will be created in your HOME, this dir stores all your passwords (that simple it is!)
Storing passwords
- Inserting your own password
You want to store your Github password but you have two personal and work accounts, do this
$ pass insert github/personal
Enter password for github/personal: ...
$ pass insert github/work
Enter password for github/work: ...
Checkout .password-store
, it'll look like this
📂 .password-store
└── 📂 github
├── 🔑 personal.gpg
└── 🔑 work.gpg
- Generating random password
$ pass generate github/personal
A random password will be generated and stored under the specified label.
Retrieving passwords
To retrieve your stored passwords, you will need to provide the passphrase you set during the GPG key generation. Here are two ways to retrieve passwords:
- Show password in terminal
$ pass show github/personal
YOUR_PASSWORD
- Copy password in clipboard for 45 seconds
$ pass show -c github/personal
Copied github/personal to clipboard. Will clear in 45 seconds.
Removing passwords
$ pass rm github/personal
Are you sure you would like to delete github/personal? [y/N]
removed '/home/USER/.password-store/github/personal.gpg'
Conclusion
Checkout offical website for pass https://www.passwordstore.org/ to learn more.
There are many UI interfaces available for pass, if you use GNOME I have one for you...
Anant-mishra1729 / Pass-zenity
Simple GUI interface of pass linux with zenity gui
Pass-zenity
Simple GUI interface of pass
linux command with zenity gui
Installation
- Clone this repository
git clone https://github.com/Anant-mishra1729/Pass-zenity.git
cd Pass-zenity
- Make all files executable
chmod u+x pass*
- Place all the files except README.md in
~/.local/bin
, create~/.local/bin
directory if it doesn't exist
mv pass* ~/.local/bin/
About
pass-plugin
To access all the 3 plugins (generate, show, remove)
pass-generate
Generates password for username
- If password is not provided random password is generated for that username.
- If username already exists the ui will ask for whether to overwrite the password or not.
pass-show
Gives a list preview of all usernames
- Usernames are searchable
- After selecting usernames, the password will be copied to clipboard for 45 seconds.
pass-remove
Remember to refer to the 'pass' documentation or run man pass in the terminal for more detailed information on additional features and advanced usage of the 'pass' command-line password manager.
Top comments (2)
I actually recently started using pass myself and can really recommend it to anyone who enjoys CLI tools.
For a long while I was being lazy with my password hygiene, because the password managers I knew about were either too much of a hassle to use or weren't trustable enough.
Pass solves both of these problems really well. First of all, it uses well known and trusted tools for managing the secrets(gpg, git, your $EDITOR) thus I don't have to worry about my secrets being leaked by a "cloud" blackbox service. As for the second point, pass being a single bash script that uses widely available tools, I can easily put it anywhere(personal computers, VPS, android phone via termux) and sync password using git with the password repository stored on VPS for easy access from multiple devices.
Though do note that with great privacy comes the risk of losing all your secrets if you lose the master password or the private key itself, so make sure you back up both the password repository and it's gpg keypair.
One thing I forgot to mention, we can use git in pass in case we remove a password by mistake, we can recover it again using git.