Password manager: pass

The pass command is a simple and effective password manager for the command line in Linux. It is designed to securely store and manage passwords using GnuPG (GPG) for encryption. The pass utility provides a convenient way to create, retrieve, and organize passwords.

• GPG Encryption: Passwords are stored in GPG-encrypted files, ensuring that they are secure and protected from unauthorized access.
• Directory Structure: Passwords are organized in a directory structure, where each password is stored as a separate file. This allows for easy categorization and retrieval.
• Clipboard Management: pass can copy passwords to the clipboard for a limited time, making it easy to paste them into applications without exposing them.

List All Passwords:

pass

# or
pass ls

Add a New Password:

• -m or --multiline: multiline passwords or other data

pass insert -m mywebsite.com

# insert command is alternatively named add
pass add

# or
pass insert mywebsite.com
pass insert archlinux.org/wiki/username

Generate a new random password. Where n is the desired password length as a number:

pass generate archlinux.org/wiki/username n

It uses /dev/urandom internally

Retrieve a password

pass mywebsite.com

Users of Xorg with xclip installed can retrieve the password directly onto the clipboard temporarily (e.g., to paste into web forms).

pass -c archlinux.org/wiki/username

Edit a password/file:

pass edit password_name

Remove a password:

pass rm Business/cheese-whiz-factory

Organisation

Store the password itself on the first line of the file, and the additional information on subsequent lines.

Yw|ZSNH!}z"6{ym9pI
URL: *.amazon.com/*
Username: AmazonianChicken@example.com
Secret Question 1: What is your childhood best friend's most bizarre superhero fantasy? Oh god, Amazon, it's too awful to say...
Phone Support PIN #: 84719

The --clip / -c options will only copy the first line of such a file to the clipboard, thereby making it easy to fetch the password for login forms, while retaining additional information in the same file.

Git integration

To do...

https://wiki.archlinux.org/title/Pass

Setting it up

To begin, there is a single command to initialize the password store:

pass init "ZX2C4 Password Storage Key"
# or
pass init email

Here, ZX2C4 Password Storage Key is the ID of my GPG key.

We can additionally initialize the password store as a git repository:

pass git init

If a git repository is initialized, pass creates a git commit each time the password store is manipulated.

Sources

• Poe AI
• https://wiki.archlinux.org/title/Pass
• https://www.passwordstore.org/
• [https://web.archive.org/web/20230527122558/https://blog.sanctum.geek.nz/gnu-linux-crypto-passwords/][https://web.archive.org/web/20230527122558/https://blog.sanctum.geek.nz/gnu-linux-crypto-passwords/]