pass
the unix password manager
You can store an organize your passwords in encrypted format and organized in a hierarchy of user defined categories and depth or as a flat simple schema.
pass is a simple console command based on scripts. There are many available user interfaces for pass, or it can be used from the shell with the pass command. There are extensions available for web browsers that allow automatically filled login forms with the stored credentials.
The pass Unix Password Manager is a tool using GNU Privacy Guard (GPG) encryption so you can store passwords and various credentials securely. The pass tool is extendable adding more functionality through other open source extensions.
usage
see all the existing passwords in the store:
pass
Passwords are added to the store using the pass insert command. This accepts the name of the service as an argument and interactively prompts you to enter the password.
pass insert websiteorwhatever
If you are saving the password for a website, you can replace websiteorwhatever with the name of the website such as foo.com
The password will be saved to a new encrypted file inside your store. You can create a credential hierarchy by using forward slashes in your service names.
show passwords: (foo is the name of the site or reference tied to a password)
pass foo
for a site or reference within a category
pass catname/foo
copy the password directly to the clipboard
pass -c foo
generate new passwords via urandom
pass generate foo 8
remove site or reference password
pass rm foo
Use the pass edit command to open a password file in a text editor such as vi. Additional lines of metadata will be below the first line as the first line should be for the password. See options for adding metadata with the command using -m (multiline).
initial setup
pass uses gnupg2, which does not share it's keyring with gnupg
You will need gpg key generated, public and private.
With the key available the command format for pass will look something like this example. Replace the username and the sample key 0123456789ABCDEF with yours from .gnupg/pubring.kbx or wherever yours is stored.
pass init "nicolep 0123456789ABCDEF" pass init nicolep
issues
When copying the password to the clipboard with -c parameter, the clipboard should be cleared of the password after 45 seconds. It is noted on some distributions the password does not get cleared from the clipboard.
gpg2 key import format may be incorrect. looking at revision of proper initialization technique. reference documentation man pass
If pass is not installed you can get it from apt repository for debain/ubuntu (also in yum for redhat distros)
apt install pass
if you have generated keys with gpg you can check if exists
gpg --list-keys gpg --list-secret-keys
The default location of gpg keyring is usually in a format like this path (although could be anywhere):
/home/nicolep/.gnupg/pubring.kbx
Don't have a gpg key?
gpg --gen-key gpg --export -a nicolep > public.key gpg --export-secret-key -a "nicolep" > private.key gpg --import public.key gpg --allow-secret-key-import --import private.key
Add gpg key to gpg2 import process. You can generate or import with gnupg2. To import here is an example:
gpg2 --import private.key gpg2 --edit-key nicolep