`pass` is a simple, flexible command line password manager that follows the Unix philosophy. The application saves each password in an encrypted GPG file and allows organizing them in various folder hierarchies.
Since `pass` works with encrypted text files, it can be used in conjunction with other utilities. In fact, the community has created a multitude of apps that enhance `pass`, such as a cross-platform GUI client, a Firefox extension, a Windows client, Android and iOS apps, an interactive console UI and more.
QtPass, a cross-platform Qt GUI for pass |
upass, an interactive console UI for pass |
The password store doesn't have any restrictions as to what you save and how you organize the data, so you can use it to store pretty much any sensitive information, be it website URLs, answers to the secret questions used on various websites when registering and much more.
Other notable `pass` features include Bash competition (zsh and fish competition also available), password generation, Git support for storing your encrypted password in a GIT repository, and the ability to import passwords from applications such as KeepassX, 1Password, Keepass2 CSV and XML, LastPass CVS, KWallet and more.
Under the hood, `pass` is just a Bash script (it does make use of a few Python and Ruby helpers though, for password importing for instance), which makes it lightweight and easy to audit or to add your own modifications.
I should also mention that the passwords you create using this tool are stored in a folder called ".password-store" (hidden) in your home directory.
Installing and using `pass`
1. To be able to use `pass`, you'll need to create a gpg key, if you don't already have one. There are various guides you can follow for how to do this, so I won't go into details about this here.
2. Install `pass`. In Debian / Ubuntu and derivatives, use the following command to install it:
sudo apt-get install pass
For other Linux distributions or Mac, see the pass downloads.3. Initialize the password store using the following command:
pass init GPG_ID_OR_EMAIL
where GPG_ID_OR_EMAIL is the ID of your GPG key (eight-digit hex code) or the email address you've used when creating the GPG key - you can find both of these by using the following command: "gpg --list-secret-keys". Now you can start using `pass`.
Here's how you would add a new password for "webupd8.org", under the "test" category/folder:
pass insert test/webupd8.org
To list the passwords, simply type "pass":$ pass
Password Store
└── test
└── webupd8.org
You can show the password using the following command (for the same "test" category" and "webupd8.org" item):
pass test/webupd8.org
If you want to copy the password to the clipboard without displaying it, you can use:
pass -c test/webupd8.org
(`pass` automatically clears the clipboard after 45 seconds)To edit an existing password - let's use the same "test/webupd8.org" entry we've used above -, you can use:
pass edit test/webupd8.org
then, enter your GPG password and you can edit the stored password or add any other info to the file.
Note: pass treats the first line as the password (so when invoking it with "-c", the tool only copies the first line to the clipboard) so you can add various other info on new lines, like the username, etc.