Meet pass





I've been looking for a password store that works for me for years and recently came across Pass on HackerNews. The idea of storing passwords in a git repository may sound strange, but overall it's not a bad idea because:



  • I keep a git repository locally on my computer
  • All passwords are protected by GPG encryption, so even if someone gets SSH access to my computer, the leak will not affect security


I use -c to copy/paste passwords. There is an extension for the browser, but copy-paste is more convenient for me personally. Synchronization with the phone and all Linux devices is also not a problem (because it's just git).



I am sharing with you the translation of the Pass welcome page.






Password management should be simple and follow the Unix philosophy. Using pass, each of your passwords is inside an encrypted gpg file, the name of which is the same as the name of the resource or website to which this password is linked. These encrypted files can be organized into convenient folder hierarchies, copied from media to media, and generally processed using any command line file management utility.



With pass, managing individual password files is extremely easy. All passwords are stored in ~/.password-store, and pass provides several convenient commands for adding, editing, generating and retrieving passwords. This is a very short and simple shell script. It is capable of temporarily putting passwords on the clipboard and tracking password changes using git.



You can edit the password store using standard Unix shell commands alongside the pass commands. There are no fancy file formats or new paradigms to learn. Bash completion is included, so you can simply press Tab to complete a name or command; completion for zsh and fish is available in the /completion folder. The very active community of pass users has created many unusual clients and GUIs for different platforms, as well as extensions for pass itself.



The pass commands are described in detail on the man page.



How password storage is used



We can list all existing passwords in the store:



zx2c4@laptop ~ $ pass
Password Store
├── Business
│   ├── some-silly-business-site.com
│   └── another-business-site.net
├── Email
│   ├── donenfeld.com
│   └── zx2c4.com
└── France
    ├── bank
    ├── freebox
    └── mobilephone

      
      







We can also display passwords:



zx2c4@laptop ~ $ pass Email/zx2c4.com
sup3rh4x3rizmynam3

      
      





Or copy them to the clipboard:



zx2c4@laptop ~ $ pass -c Email/zx2c4.com
Copied Email/jason@zx2c4.com to clipboard. Will clear in 45 seconds.

      
      





Since all passwords are encrypted, a convenient passphrase dialog will appear, provided by the standard gpg-agent (which can be configured to keep the session open for several minutes).



We can add existing passwords to the store using insert:



zx2c4@laptop ~ $ pass insert Business/cheese-whiz-factory
Enter password for Business/cheese-whiz-factory: omg so much cheese what am i gonna do

      
      





This function also works with multiline passwords or other data using --multiline or -m, and passwords can be edited in the default text editor using pass edit pass-name.



The utility can generate new passwords using /dev/urandom:



zx2c4@laptop ~ $ pass generate Email/jasondonenfeld.com 15
The generated password to Email/jasondonenfeld.com is:
$(-QF&Q=IN2nFBx

      
      





It is possible to generate passwords without symbols using --no-symbols or -n, and to copy the generated password to the clipboard instead of displaying it in the console using --clip or -c.



You can, of course, remove passwords:



zx2c4@laptop ~ $ pass rm Business/cheese-whiz-factory
rm: remove regular file ‘/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg’? y
removed ‘/home/zx2c4/.password-store/Business/cheese-whiz-factory.gpg’

      
      





If the password store is a git repository, each manipulation creates a git commit, so you can synchronize the store with pass git push and pass git pull, which call git-push or git-pull on the store.



You can read more examples and functions here.



Customization



To begin with, there is one command to initialize the password store:



zx2c4@laptop ~ $ pass init "ZX2C4 Password Storage Key"
mkdir: created directory ‘/home/zx2c4/.password-store’
Password store initialized for ZX2C4 Password Storage Key.

      
      





Here ZX2C4 Password Storage Key is the ID of the GPG key. You can use your standard GPG key, or you can use an alternative one specifically for password storage, as shown above. Multiple GPG keys can be specified to use pass in a group, and different folders can have different GPG keys with -p.
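When several keys and per-folder keys are in use, it helps to check which key IDs an entry is actually encrypted to. The sketch below is an added example, not part of pass or of the original page; it relies on pass recording key IDs in a .gpg-id file (the nearest one at or above an entry applies), and the function names, the temporary sample store and "Hypothetical Team Key" are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list the key IDs that govern a given pass entry.
# Assumption from pass's behaviour: `pass init [-p folder] KEY...` writes the
# key IDs to a .gpg-id file, and the nearest .gpg-id at or above an entry wins.

# Constructed sample store: one key at the root, two for the Business folder.
make_sample_store() {
    store=$(mktemp -d) || return 1
    mkdir -p "$store/Business" "$store/Email"
    printf '%s\n' 'ZX2C4 Password Storage Key' > "$store/.gpg-id"
    printf '%s\n' 'ZX2C4 Password Storage Key' 'Hypothetical Team Key' \
        > "$store/Business/.gpg-id"
    : > "$store/Business/cheese-whiz-factory.gpg"
    : > "$store/Email/zx2c4.com.gpg"
    printf '%s\n' "$store"
}

# recipients_for STORE ENTRY: print the governing key IDs, one per line.
# Returns 1 if no .gpg-id is found, 2 if ENTRY tries to leave the store.
recipients_for() {
    store=${1%/} entry=$2
    case "/$entry/" in
        */../*) return 2 ;;   # refuse paths that climb out of the store
    esac
    dir=$(dirname "$store/$entry")
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            cat "$dir/.gpg-id"
            return 0
        fi
        # Stop at the store root (filesystem root is only a backstop).
        if [ "$dir" = "$store" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            return 1
        fi
        dir=$(dirname "$dir")
    done
}
```

Against a real store, call it as recipients_for ~/.password-store Business/cheese-whiz-factory to see who can decrypt that entry.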



We can optionally initialize the password store as a git repository:



zx2c4@laptop ~ $ pass git init
Initialized empty Git repository in /home/zx2c4/.password-store/.git/
zx2c4@laptop ~ $ pass git remote add origin kexec.com:pass-store

      
      





If a git repository is initialized, pass creates a commit inside that git repository every time the password store is manipulated.



There is a more detailed example of initialization on the man page.



Download pass



The current version is 1.7.3.



Ubuntu / Debian



$ sudo apt-get install pass







Fedora / RHEL



$ sudo yum install pass







openSUSE



$ sudo zypper in password-store







Gentoo



# emerge -av pass







Arch



$ pacman -S pass







Macintosh



The password store is available through the Homebrew package manager:



$ brew install pass







FreeBSD



# portmaster -d sysutils/password-store







Tarball







The archive contains a general makefile, for which a simple sudo make install command is sufficient.



Git repository



You can browse the git repository or clone the repository:



$ git clone https://git.zx2c4.com/password-store

      
      





All releases are tagged, and the tags are signed with 0xA5DE03AE.



Data organization



Usernames, passwords, PINs, websites, metadata, and so on



The password store does not impose any particular schema or type of organization on your data, since each entry is just a text file that can contain arbitrary data. Although the most common case is to store a single password per entry, some power users want to keep in the password store not only their passwords but also answers to security questions, website URLs, and other sensitive information or metadata. Since the password store does not impose a schema of its own, you can choose your own organization. There are many valid structures.



One approach is to use the multiline feature of pass (--multiline or -m in insert) and store the password itself on the first line of the file, with additional information on subsequent lines. For example, Amazon/bookreader might look like this:



Yw|ZSNH!}z"6{ym9pI
URL: *.amazon.com/*
Username: AmazonianChicken@example.com
Secret Question 1: What is your childhood best friend's most bizarre superhero fantasy? Oh god, Amazon, it's too awful to say...
Phone Support PIN #: 84719

      
      





This is the preferred organizational scheme used by the author.



The --clip / -c options copy only the first line of such a file to the clipboard, thus making it easier to retrieve the password for login forms while storing additional information in the same file.
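Scripts that consume such multiline entries need the same split: line 1 is the password, everything after it is metadata. The helpers below are an added example, not part of pass or of the original page; the function names are hypothetical and the sample entry is constructed from the Amazon/bookreader layout shown above.

```bash
#!/usr/bin/env bash
# Added example: split a pass multiline entry into password and metadata.
# Both helpers read the decrypted entry on stdin, e.g. from `pass show NAME`.

# Constructed sample entry, same layout as the Amazon/bookreader example.
sample_entry() {
cat <<'EOF'
Yw|ZSNH!}z"6{ym9pI
URL: *.amazon.com/*
Username: AmazonianChicken@example.com
Phone Support PIN #: 84719
EOF
}

# First line only: the same part that --clip / -c copies to the clipboard.
entry_password() {
    head -n 1
}

# entry_field KEY: print the value of the first "KEY: value" metadata line.
# Line 1 is skipped, so a password that happens to start with "KEY: " is
# never returned as metadata. The key is matched literally with index(),
# not as a regex, so keys containing "#", "*" or "." behave as expected.
# Exit status is 1 when the field is absent.
entry_field() {
    awk -v key="$1" '
        NR > 1 && index($0, key ": ") == 1 {
            print substr($0, length(key) + 3)
            found = 1
            exit
        }
        END { exit !found }
    '
}
```

Piping through entry_field keeps the password line out of anything that only needs metadata, such as a script that reads the Username field.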



Another approach is to use folders and store each piece of data inside a file in that folder. For example, Amazon/bookreader/password will contain the reader's password inside the Amazon/bookreader directory, and Amazon/bookreader/secretquestion1 will contain the secret question, Amazon/bookreader/sensitivecode will contain something else related to the reader's account, and so on. You can also save your password to Amazon/bookreader, and additional data to Amazon/bookreader.meta. And another approach might be to use multiline as described above, but put the URL pattern in the filename, not inside the file.



All in all, the possibilities here are extremely numerous and there are many other organizational schemes not mentioned above; you have the freedom to choose what best suits your workflow.



pass extensions



To make it easier for users to implement a variety of use cases, pass supports extensions. Extensions installed in /usr/lib/password-store/extensions (or a distribution-dependent variant of that path) are always enabled. Extensions installed in ~/.password-store/.extensions/COMMAND.bash are enabled only if the PASSWORD_STORE_ENABLE_EXTENSIONS environment variable is true. For more information, see the man page.



The community has created many of these extensions:







Compatible clients



The pass community has put together an impressive list of clients and GUIs for various platforms:







pass



To free password data from the clutches of other (bloated) password managers, different users have come up with different password storage organizations that work best for them. Some users have provided scripts to help import passwords from other programs:









pass was written by Jason A. Donenfeld of zx2c4.com and is licensed under the GPLv2+.



To contribute



This is a very active project with a significant number of participants. The best way to contribute to the password store is to join the mailing list and submit patches in git format. You can also join the #pass discussion on Freenode.





