Unix Password Manager

From Free Knowledge Base- The DUCK Project: information for everyone

pass

the unix password manager

You can store and organize your passwords in encrypted format, either in a hierarchy of user-defined categories of any depth or as a simple flat schema.

pass is a simple console command based on scripts. There are many user interfaces available for pass, or it can be used from the shell with the pass command. There are extensions available for web browsers that automatically fill login forms with the stored credentials.

The pass Unix Password Manager is a tool that uses GNU Privacy Guard (GPG) encryption so you can store passwords and various credentials securely. The pass tool is extensible: other open source extensions add more functionality.

usage

see all the existing passwords in the store:

pass

Passwords are added to the store using the pass insert command. This accepts the name of the service as an argument and interactively prompts you to enter the password.

pass insert websiteorwhatever

If you are saving the password for a website, you can replace websiteorwhatever with the name of the website such as foo.com

The password will be saved to a new encrypted file inside your store. You can create a credential hierarchy by using forward slashes in your service names.

show passwords: (foo is the name of the site or reference tied to a password)

pass foo

for a site or reference within a category

pass catname/foo

copy the password directly to the clipboard

pass -c foo

generate new passwords via urandom

pass generate foo 8

remove site or reference password

pass rm foo

Use the pass edit command to open a password file in a text editor such as vi. Additional lines of metadata go below the first line, as the first line should be for the password. To add metadata when inserting, see the -m (multiline) option of the pass insert command.
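
As an added example (not code from this page or from the pass project), the shell functions below read a decrypted entry laid out as described above: password on line 1, metadata below it. The "key: value" metadata style, the function names and the sample entry are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not part of pass): read fields from a decrypted pass entry.
# Layout from the page: line 1 is the password, later lines are metadata.
# Assumption: metadata lines use "key: value"; other lines are ignored.

# Constructed sample of what `pass catname/foo` might print.
sample_entry() {
  printf '%s\n' 'url:c0nstructed-Pa55' 'login: nicolep' \
    'url: https://foo.com/login' 'free-form note'
}

# Print only line 1, the password, exactly as stored.
entry_password() {
  IFS= read -r _line || [ -n "$_line" ] || return 1
  printf '%s\n' "$_line"
}

# Print the value of the first metadata line whose key equals $1.
# Line 1 is skipped, so a password that contains "key:" never matches.
entry_field() {
  _want=$1
  _n=0
  while IFS= read -r _line || [ -n "$_line" ]; do
    _n=$((_n + 1))
    [ "$_n" -eq 1 ] && continue
    case $_line in
      "$_want":*) ;;
      *) continue ;;
    esac
    _value=${_line#"$_want":}
    printf '%s\n' "${_value# }"   # drop one space after the colon
    return 0
  done
  return 1                        # field not present
}

# List metadata keys without their values, e.g. for an inventory that
# must not contain secrets.
entry_keys() {
  _n=0
  while IFS= read -r _line || [ -n "$_line" ]; do
    _n=$((_n + 1))
    [ "$_n" -eq 1 ] && continue
    case $_line in
      *": "*) printf '%s\n' "${_line%%: *}" ;;
    esac
  done
}
```

Pipe a decrypted entry into the functions, for example pass catname/foo | entry_field login.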

initial setup

pass uses gnupg2, which does not share its keyring with gnupg.

You will need a GPG key pair generated, public and private.

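With the key available, the command format for pass will look something like these examples. Replace the username or the sample key 0123456789ABCDEF with yours from .gnupg/pubring.kbx or wherever yours is stored. Each argument to pass init is treated as a separate GPG ID, so give the key ID or the user name as its own argument rather than quoting both as one string.

pass init 0123456789ABCDEF
pass init nicolep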

issues

When copying the password to the clipboard with the -c parameter, the clipboard should be cleared of the password after 45 seconds. It has been noted that on some distributions the password does not get cleared from the clipboard.

The gpg2 key import format may be incorrect; the proper initialization technique is under revision. Reference documentation: man pass

If pass is not installed, you can get it from the apt repository for Debian/Ubuntu (it is also in yum for Red Hat distros):

apt install pass

If you have generated keys with gpg, you can check whether they exist:

gpg --list-keys
gpg --list-secret-keys

The default location of gpg keyring is usually in a format like this path (although could be anywhere):

/home/nicolep/.gnupg/pubring.kbx

Don't have a gpg key?

gpg --gen-key
gpg --export -a nicolep > public.key
gpg --export-secret-key -a "nicolep" > private.key
gpg --import public.key
gpg --allow-secret-key-import --import private.key

To make a gpg key available to gpg2, import it. You can either generate or import keys with gnupg2. Here is an import example:

gpg2 --import private.key
gpg2 --edit-key nicolep