Pass is a standard UNIX password manager that uses GPG to encrypt your passwords and stores them in a simple file-based structure. It is available from https://www.passwordstore.org/.
In order to set up Pass, first we need to generate a new GPG key. You can do this by using:
From here, fill in the options, using majority defaults (unless you want to increase your key size), and enter a passphrase for your key. It is important that you remember this, as it will be what secures your password storage.
Now, list your keys using
gpg2 --list-keys --with-colons
This will output:
pub:u:4096:1:XXYYXXYYXXYYXXYY:other data uid:u::::data::privatekeydata::My Name (Comment from key creation) <email>: sub:etc.
We want to initialise pass using the long string
XXYYXXYYXXYYXXYY from this output. This is the fingerprint of your public key.
So now, download and install pass and run:
pass init XXYYXXYYXXYYXXYY
Using the string found above.
This will initialise a password store stored in
~/.password-store which will encrypt passwords using that GPG public key.
Now, you can add passwords, for instance, using:
pass insert mysuperawesomesite/portal Enter password for mysuperawesomesite/portal: XXXXX Retype password for mysuperawesomesite/portal: XXXXX
And now, you've added your first password!
Retrieve your password by typing:
and entering your GPG key password set before. The password will then be displayed in your terminal.
Or, just use pass's inbuilt clipboard system, which works on Mac OS X but may break on other OS's.
The following command copies the password to your clipboard and clears it after 45 seconds.
pass -c mysuperawesomesite/portal
Even better, assign an alias to pass -c such as:
echo 'alias pw="pass -c"' >> ~/.bashrc
Backups / Restoring
Back up your password store and GPG keys by doing the following:
mkdir passbackup cp -R ~/.gpg passbackup/ cp -R ~/.password-store passbackup/ scp -r passbackup [email protected]:/backups/
Access your passwords on another machine (without pass) in an emergency:
Import GPG key
gpg --import passbackup/.gpg/secring.gpg
GPG decrypt password file
cd passbackup/.password-store/ gpg my-example-password.gpg Enter Passphrase: ***************
Read decrypted password