Pass is a free and open-source command-line interface password manager for Mac OS, Linux, and Unix systems. Pass can store, retrieve, generate and synchronize passwords. It encrypts passwords using GnuPG and stores them inside a directory tree located at ~/.password-store. This password-store can be manipulated using simple commands. More information can be found at https://www.passwordstore.org.
To install it:
Generate GPG Key
First, we need to generate the gpg-id, to do so, do the following:
The prompt will ask you to enter information such as name and email. Do enter them. Once done, type “o”, and press enter. When you do so, you’ll get a pop-up asking you to enter a password. Here, enter a master password. Once everything is done, the system will chuck out a gpg key, retrieve it. You will need this key for the next step.
Before any other commands can be passed to the utility, you must first initialize it using the following:
Here, the GPG id that you collected in the previous step must be entered as the gpg-id. This gpg-id will be stored at ~/.password-store/.gpg-id.
The general usage is as follows:
If and when you do not specify a command in the previous argument, the show or ls command will be passed by default. Commands include: init, ls, grep, find, show, insert, edit, generate, rm, mv, cp, git, help, and version.
Insert a New Password
The next thing we might want to do is to insert a new password into the password manager:
At this point, you’ll be asked to enter the password, so enter it.
Here, of course, you can create directories and sub-directories. For example, you can create a folder called Email, and another called Websites, then create a sub-folder within Email – one for Yandex, and one for Gmail (for example). In all cases, we use the insert command to create the password tree.
You can then list the passwords using the pass command:
The pass command, when passed alone, will create a directory tree/map of the password store. It will display both folders and the available emails and websites that you’ve created. In my case, I’ve created two folders – one called email and one called website. Within each folder, I put a single file. In order to see everything, you can either type pass or pass show. Both commands will show the directory map.
Find Passwords in Password-store
You can also search for terms in the password-store. For example, in my case, I have an email and a website stored within the password store. If I wanted to look for all of my mail, for example, I can search for them using the find command:
The latter would chuck out the email addresses and/or the websites stored within pass that ends with a “.ca”. In my case, I have a single file with a “.ca”, and so it would chuck out that file (amazon.ca).
Move a Password File
Another function that is integrated into the Pass Password manager is the mv or move command. It allows you to move files around from one directory to another.
The latter would move the amazon.ca file in the Email folder to the Website folder.
Now, the next thing you might want to do is to retrieve the password. In order to retrieve the password, type the following:
The latter will generate a prompt where you have to enter the master password. Once the master password has been entered, you should be able to view the password for the site in plain text.
Further, you can also generate passwords using the generate command.
Here, after the generate command, you can enter the folder and email or website for which this password will be generated. After that, you can enter the number of characters that this password will be in length. In the example above, I have asked pass to generate a password of 8 characters in length for [email protected] which will be dumped in the Email folder.
Lastly, to remove a password from the password store:
Here, however, the command remove also works. In order to remove the password from the password-store, a full path must be specified.
Important Files and Folders
All passwords are stored within the ~/.password-store folder. This is the default password storage directory. Further, within this folder, the gpg encryption/decryption key is found in a hidden file called .gpg-id located at ~/.password-store/.gpg-id. Lastly, extensions are found within ~/.password-store/.extensions.
In my case, the password-store was located at /home/kalyani/.password-store. The next time you want to do anything to your password, you have to navigate to the password-store directory, and from there, you can perform all commands. Please note that nothing should be stored as plain text. All your information should in theory, if properly configured, be encrypted with a .gpg tag.
Remembering a dozen different passwords to a dozen different sites is not feasible. Writing down all said passwords in a notebook, and storing the notebook in a safe place is not practical. In such cases, as dangerous as it may seem, we have to lock away our passwords on our systems themselves. On Ubuntu, we need a package that is free, open source, and safe. Pass is one such package. In this tutorial, we learned to insert, remove, list, generate, move, find and retrieve passwords using Pass. Pass is indeed a simple yet powerful package.