theshell.ch/site/pages/cmd/interm/pass.html

111 lines
3.4 KiB
HTML
Raw Normal View History

---
layout: page
category-page: intermediate
category-title: Intermediate commands
tags: password dashlane keypass manager gpg encrypt sync
author: Claudio Maggioni
title: pass
---
<p>
The <code>pass</code> command, also known as <em>Password Store</em>, is an
entirely offline password manager that uses <em>GPG</em> for encryption with
the ability to sync the (entirely encrypted) passwords using <code>git</code>.
<code>pass</code> works on <em>MacOS</em> (avaliable via
<a href="https://brew.sh">Homebrew</a>), <em>Linux</em> and on
<em>Android</em> (with a GUI app). Think of it as an entirely FLOSS
alternative to services like <em>Keypass</em> or <em>Dashlane</em>.
</p>
<p>
Excluding the initial setup (that requires the creation of a <em>GPG key</em>),
<code>pass</code> is very easy and straightforward to use: instead of
printing passwords to <em>stdout</em>, <code>pass</code> copies them in the
system clipboard, erasing them after a certain number of seconds (usually
<em>45</em>).
</p>
<p>
<code>pass</code> has many unofficial GUI clients and migration scripts from
other password managers. For more information, check out
<a href=https://www.passwordstore.org/#other">the official website</a>.
</p>
<h3>Setup</h3>
<p>
An accurate walkthrough through the setup of <code>pass</code>, in addition
to some other useful sets of commands (such as how to migrate the password
repository to another computer) is provided
in this <a href="https://gist.github.com/flbuddymooreiv/a4f24da7e0c3552942ff">
GitHub Gist</a> by <a href="https://github.com/flbuddymooreiv">
<em>flbuddymooreiv</em></a>.
</p>
<p>
For more detailed explainations on the setup process or on any commands
please check out the online version of the
<a href="https://git.zx2c4.com/password-store/about/">man page</a>, which is
surprisingly more readable that most of the man pages for other utilities.
</p>
<h3>Usage</h3>
<p>
Common <code>pass</code> commands are shown below. For more information refer
to the documentation linked above.
</p>
<h4>Initialize the password repository with a GPG key with id "0DEADBEEF"</h4>
<pre>
pass init 0DEADBEEF
</pre>
<h4>Insert a password for <em>example.com</em> with username <em>bob</em> in
the password repository interactively</h4>
<pre>
pass insert example.com/bob
</pre>
<p>
Please note that the password <em>name</em> here follows the most common
naming convention in <code>pass</code>, which is
<code>{website}/{username}</code>. Passwords can be stored in
hierarchical structures (i.e. in nested folders), but the naming is up to the
user.
</p>
<h4>Generate a password for <em>zombo.com</em> of 16 characters and copy it in
the clipboard</h4>
<pre>
pass generate -c zombo.com/bob 16
</pre>
<h4>Retrieve the password for <em>google.com</em> and copy it in the system
clipboard (<code>-c</code> flag)</h4>
<pre>
pass -c google.com/bob@gmail.com
</pre>
<h4>Edit the password for <em>facebook.com</em> using the default editor</h4>
<pre>
pass edit facebook.com/bob
</pre>
<h4>Convert the password repository to a git repository for synchronization</h4>
<pre>
pass git init
</pre>
<p>
Every <code>git</code> command on the password repository must be given with
the prefix <code>pass git</code> (e.g. <code>pass git push</code>). An
automatic commit is performed whenever a password is created, edited or
deleted.
</p>