--- layout: page category-page: intermediate category-title: Intermediate commands tags: password dashlane keypass manager gpg encrypt sync author: Claudio Maggioni title: pass ---
The pass
command, also known as Password Store, is an
entirely offline password manager that uses GPG for encryption with
the ability to sync the (entirely encrypted) passwords using git
.
pass
works on MacOS (avaliable via
Homebrew), Linux and on
Android (with a GUI app). Think of it as an entirely FLOSS
alternative to services like Keypass or Dashlane.
Excluding the initial setup (that requires the creation of a GPG key),
pass
is very easy and straightforward to use: instead of
printing passwords to stdout, pass
copies them in the
system clipboard, erasing them after a certain number of seconds (usually
45).
pass
has many unofficial GUI clients and migration scripts from
other password managers. For more information, check out
the official website.
An accurate walkthrough through the setup of pass
, in addition
to some other useful sets of commands (such as how to migrate the password
repository to another computer) is provided
in this
GitHub Gist by
flbuddymooreiv.
For more detailed explainations on the setup process or on any commands
please check out the online version of the
man page, which is
surprisingly more readable that most of the man pages for other utilities.
Common pass
commands are shown below. For more information refer
to the documentation linked above.
Example: Initialize the password repository with a GPG key with id "0DEADBEEF"
pass init 0DEADBEEFExample: Insert a password for example.com with username bob in the password repository interactively
pass insert example.com/bobPlease note that the password name here follows the most common naming convention in
pass
, which is
{website}/{username}
. Passwords can be stored in
hierarchical structures (i.e. in nested folders), but the naming is up to the
user.pass generate -c zombo.com/bob 16Example: Retrieve the password for google.com and copy it in the system clipboard (
-c
flag)
pass -c google.com/bob@gmail.comExample: Edit the password for facebook.com using the default editor
pass edit facebook.com/bobEdit: Convert the password repository to a git repository for synchronization
pass git initEvery
git
command on the password repository must be given with
the prefix pass git
(e.g. pass git push
). An
automatic commit is performed whenever a password is created, edited or
deleted.