DEV Community

Cover image for Why I Chose pass for Password Management: A Complete Guide
Elizabeth Adhiambo
Elizabeth Adhiambo

Posted on

Why I Chose pass for Password Management: A Complete Guide

Managing and remembering a plethora of passwords for different services is a universal challenge. It certainly was for me. Take, for instance, the frequent pull requests I made, requiring GitHub's access token each time. My approach?

Saving the token in an empty file or — and I can't believe I'm admitting this — emailing it to myself. Every time I needed that token, I'd dive into my emails or search through my files, copy the token, then paste it where required. It was an exhausting routine, especially during days packed with multiple pushes. That's when I discovered pass — the game-changer that transformed my password management hustle.

In this article, I'll walk you through a step-by-step process to make managing your passwords as seamless as it now is for me.

Why pass?

Unix Philosophy: pass integrates seamlessly with the Unix environment, making it intuitive for those familiar with Unix-based systems.
GPG Encryption: Passwords are securely stored using GPG (GNU Privacy Guard).
Git Integration: Changes to passwords can be tracked using Git, providing version control.

Setting Up pass

  1. GPG Keys: You'll need a GPG key pair. If you don't have one yet, here's how you can generate it:
gpg --gen-key
Enter fullscreen mode Exit fullscreen mode

After generating your GPG Key, you will be prompted to enter your name and email address. Additionally, you will be asked to set a passphrase.

2. Install pass:

The next step is to install pass in your system.

sudo apt install pass   # For Debian/Ubuntu systems
brew install pass       # For macOS
Enter fullscreen mode Exit fullscreen mode

3. Initialize your Password store

The next step is to initialize the password store.

pass init <YOUR_GPG_KEY>
Enter fullscreen mode Exit fullscreen mode

If you forgot to copy you GPG Key your can use this command to retrieve it:

gpg --list-keys
Enter fullscreen mode Exit fullscreen mode

Your key should see something like this on your terminal:

/home/my_computer/.gnupg/pubring.kbx
----------------------------
pub   rsa3072 00-00-00 [SC] [expires: 0000-00-00]
      EG8H723F2CF2T052W6BFJJE3E904L6C87Q8C1A9 #This is your GPG Key
uid           [ultimate] name <youremail@email.com>
sub   rsa3072 00-00-00 [E] [expires: 0000-00-00]
Enter fullscreen mode Exit fullscreen mode

Insert/Store your passwords

To store your password, let's say you want to store your github access key:

pass insert github
Enter fullscreen mode Exit fullscreen mode

Retrieving your passwords

To retrieve your password you can either:

Show the password in the terminal

pass github
Enter fullscreen mode Exit fullscreen mode

or

Copy the password in your clipboard for 45 Seconds

pass -c github
Enter fullscreen mode Exit fullscreen mode

You can also list your stored passwords using:

pass ls
Enter fullscreen mode Exit fullscreen mode

More pass features

1. Password Generation

Pass can generate complex passwords for you

pass generate [your_service_path] [length]
Enter fullscreen mode Exit fullscreen mode

2. Keep your password history

you can use git to keep a history of your password changes

pass git init
pass git push
Enter fullscreen mode Exit fullscreen mode

Remove passwords

You can also remove stored passwords by:

pass rm github
Enter fullscreen mode Exit fullscreen mode

Conclusion

pass offers an elegant solution to password management. If you're looking for a change or simply aiming to improve your password management strategy, give pass a shot. You might be as thrilled as I was.

For more information or advanced features, refer to the official pass documentation.

Feel free to share other tips you found useful for password management!

Top comments (4)

Collapse
 
rafaftahsin profile image
Rafaf Tahsin

I never used pass, I use KeepassXC and satisfied. If you never used it, I would highly recommend.

  • It has data file that you can save in dropbox and use across all your devices.
  • It can store Time based OTP secret. You don't need to check your phone.
  • It can generate password.
  • Open source - github.com/keepassxreboot/keepassxc
Collapse
 
lizadhiambo profile image
Elizabeth Adhiambo

Hey Rafaf, I haven't used KeepassXC but I'll check it out

Collapse
 
aratinau profile image
Aymeric Ratinaud

Can it be used for an ssh connection that requires a password?

Collapse
 
lizadhiambo profile image
Elizabeth Adhiambo • Edited

Yes you can use it for ssh connections. Just save your password on pass and every time you need to ssh, just

pass -c <your password location name>
Enter fullscreen mode Exit fullscreen mode

It automatically copies the password for you and you can paste it when required . This is what I currently do and I find it quite convenient.