Yihui (Ray) Ren
Monday, May 29, 2023 | 2 minutes
An Intro to a CLI Password Management: Pass
Pass
Replace text in <> with your own info.
pass
Generate a gpg key pair
gpg --full-generate-key
Enter name and email address
To change expire date
gpg --edit-key <email>@<address>
Once you are in the interactive mode
gpg> list
gpg> expire
gpg> save
To change password
gpg --passwd <email>@<address>
To export public key
gpg --export --armor --output public.pgp <email>@<address>
To change cache time using gpg agent
in secs
cd ~/.gnupg
echo "default-cache-ttl 86400" > gpg-agent.conf
echo "max-cache-ttl 86400" >> gpg-agent.conf
Pass
Initialize Pass
gpg -K # to show key id
pass init <key_id>
pass git init
Add new password
pass insert <name> # create a new password
pass generate <name> # generate a new password
pass list # list passwords
pass generate <name>/<sub> # generate a nested password
If we replace <name> with github, we will create a password file named github.
Each password is stored as a file, like so:
~ > tree .password-store
.
├── aws.gpg
├── github
│ └── one.gpg
└── github.gpg
Query a password
pass find github # find a password file named github
pass edit github # add meta data such as a username
pass grep "gmail.com" # search meta data
pass show github # show the entire file in terminal
pass show -c github # copy the first line into clipboard
pass show -q github # generate a qrcode
pass rm github # delete a password
pass git revert HEAD # undo the previous operation
pass git log # check past operations
Sync on github
gh repo create --private password-store
pass git remote add origin git@github.com:<user>/password-store.git
pass git branch -M main
pass git push origin main
# export
gpg --output public.pgp --armor --export <email>@<address>
gpg --output private.pgp --armor --export-secret-key <email>@<address>
# transfer the files using scp or a usb disk
# import
gpg --import private.pgp
gpg --import public.pgp
gpg --edit-key <email>@<address> # then `trust` to level 5
scp -r <remote_host>:~/.gnupg ~/ # or if you have ssh
git clone git@github.com:<user>/password-store.git ~/.password-store
Integrate with shell
export GITHUB_TOKEN=$(pass show github/api/token)
alias aws="AWS_ACCESS_KEY_ID=$(pass show aws/access_id) aws"
Other Integration
dmenubrowserpasstomb