
How to use Pass, a command line password manager for Linux systems – CloudSavvy IT




Pass is a command line password manager built with the Unix philosophy in mind. It lets you interact with your passwords using common Unix commands. Credentials are stored in GPG-encrypted files.

Set up

Pass is available in the package managers of the most popular Linux distributions. Install the pass package using the package manager relevant to you, such as apt for Ubuntu / Debian or yum for Fedora / RHEL. Specific guidelines for each supported distribution are available on the Pass website.

Before proceeding you will need a GPG key. The key is used to encrypt the contents of your password store. You can create a new one using the following terminal command:

gpg --full-generate-key

Follow the instructions to create your key and make sure to write down the ID. You must use the default key type (RSA and RSA), but change the key size to 4,096 bits for maximum security.

With your GPG key available, you are now ready to initialize pass. Run the following command and replace placeholder-gpg-id with your own GPG ID.

pass init placeholder-gpg-id

A new directory, .password-store, will be created in your home folder. Pass stores your passwords here. Each password gets its own file, making it easy to back up login data, individually or in bulk.


You can optionally use multiple password stores by setting the PASSWORD_STORE_DIR environment variable in your shell. This overrides the default storage folder and lets you access passwords stored in any location.

Add passwords to the store

Passwords are added to the store with the pass insert command. It takes the name of the service as an argument and interactively prompts you to enter the password.


The password will be saved in a new encrypted file in your store. You can create a reference hierarchy by using slashes in your service names. This results in a tree of subfolders at the root of the password store.


Pass can generate new passwords for you. Use pass generate followed by the service name and then the character length to be produced. By default, a strong password is created consisting of alphanumeric and special characters. You can prevent special characters from appearing with the --no-symbols (-n) flag.

pass generate cloudsavvy/example-generated 32 --no-symbols

The above command will generate a new 32 character password, save it as cloudsavvy/example-generated, and print it to the terminal. You can have it copied to the clipboard instead by using the --clip (-c) flag.

Retrieve your passwords

To display the names of all your passwords, run the pass command without any arguments.


To get the value of a password, enter its name as the sole argument to the command.


The password is printed to the terminal by default. You can instead copy it to the clipboard by using the --clip (-c) flag. Clipboard data is automatically cleared after 45 seconds to maintain security.

Passwords are removed by passing the name of a credential to pass rm (e.g., pass rm cloudsavvy/example). Likewise, you can edit passwords with pass edit. The password file will open in your default text editor.

Any interaction with passwords will bring up a system prompt to unlock your GPG key. You will need to enter your key passphrase if the key is protected by one. This acts as the master key that protects your entire password store.

Multi-line passwords

Since passwords are just text files, it is possible to add multiple lines of data. This is ideal when you need to store additional security information, such as recovery codes for two-factor authentication.

Use the pass edit command to open a password file in your editor. Add extra lines to the file to include any additional metadata you need. The actual password must remain on the first line, without a prefix, so that it is correctly recognized by Pass's clipboard shortcut commands.


You can save time creating passwords by using the --multiline (-m) option of the pass insert command. This allows you to enter multiple lines in your terminal. Press Ctrl + D when ready to save the credentials to your store.
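An added example (not from the original article) of how a script can consume the multi-line layout described above: line one is the password, later lines are metadata. The sample entry, the "key: value" field names and the function names are assumptions made for illustration; in real use the text would come from pass show.

```shell
#!/bin/sh
# Constructed sample of a decrypted multi-line entry (not real credentials).
sample_entry() {
    cat <<'EOF'
S3cr3t-constructed-value
username: alice@example.com
url: https://example.com/login
recovery: 1111-2222
recovery: 3333-4444
EOF
}

# Line 1 only: the part the clipboard shortcut treats as the password.
entry_password() {
    sed -n '1p'
}

# Print every value of a "key: value" metadata field. Line 1 is skipped
# so a password containing a colon is never misread as metadata.
entry_field() {
    awk -v k="$1" 'NR > 1 {
        i = index($0, ":")
        if (i && substr($0, 1, i - 1) == k) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v
        }
    }'
}

# Heuristic lint: an empty or label-prefixed first line means the
# clipboard shortcut would copy the wrong thing.
entry_lint() {
    first=$(sed -n '1p')
    case $first in
        "") echo "empty-first-line"; return 1 ;;
        [Pp]assword:*|[Pp]ass:*) echo "prefixed-first-line"; return 1 ;;
    esac
    echo "ok"
}

# Demo on the constructed entry; real input: pass show <name> | entry_field url
sample_entry | entry_lint
sample_entry | entry_field recovery
```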

Git integration

Pass has built-in support for Git. This allows you to version control your passwords and provides a simple mechanism for keeping data synchronized between machines. Run pass git init to add Git to your password store.

You can now use Pass as normal. Every time a password is added, changed, or removed, a Git commit is created. You can interact with the Git repository by using normal Git commands preceded by pass git:

pass git remote add origin example-server:/passwords.git
pass git push -u origin master

The first command adds a remote Git repository to your password store. You can then push your passwords to it, so you have a backup in case you lose access to your current machine.
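A check worth running before the first push, as an added example that is not part of the original article: it flags files in the store that are not encrypted entries, loose permissions, and lists the entry names, which are ordinary file paths and therefore readable by anyone with access to the remote. The function names and the demo store contents are constructed for illustration.

```shell
#!/bin/sh
# Print one finding per line; return 1 if anything was found.
audit_store() {
    out=$(
        cd "$1" || { echo "unreadable: $1"; exit 0; }
        # pass records the key ID(s) that entries are encrypted to in .gpg-id
        [ -f .gpg-id ] || echo "missing: .gpg-id"
        # Any other regular file that is not a .gpg entry would be
        # committed and pushed in cleartext.
        find . -path ./.git -prune -o -type f \
            ! -name '*.gpg' ! -name .gpg-id ! -name .gitattributes \
            -print | sed 's|^\./|plaintext: |'
        # The store should be readable by its owner only.
        find . -path ./.git -prune -o \( -perm -040 -o -perm -004 \) \
            -print | sed 's|^|group/other-readable: |'
    )
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    return 0
}

# Entry names are file paths, so they stay visible in the repository
# even though the file contents are encrypted.
exposed_names() {
    ( cd "$1" && find . -path ./.git -prune -o -type f -name '*.gpg' -print |
        sed 's|^\./||; s|\.gpg$||' | sort )
}

# Constructed demo store: one entry file plus one stray plaintext file.
demo_store() {
    d=$(mktemp -d)
    mkdir -p "$d/cloudsavvy"
    echo "placeholder-gpg-id" > "$d/.gpg-id"
    : > "$d/cloudsavvy/example.gpg"
    echo "constructed recovery code" > "$d/cloudsavvy/notes.txt"
    chmod -R go-rwx "$d"
    echo "$d"
}

store=$(demo_store)
audit_store "$store" || echo "resolve findings before running: pass git push"
exposed_names "$store"
rm -rf "$store"
```

Against a real store, call audit_store with the path to .password-store in your home folder, or with the directory you set in PASSWORD_STORE_DIR.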

Pass is an intentionally minimal solution. It is much simpler than most graphical password managers and prefers a file-based approach that adheres to Unix principles. A strong ecosystem of third-party projects supports the Pass core, allowing integration with other apps and operating systems.

Data importers are available for the most popular password managers, including 1Password, Keepass and Lastpass. Compatible client apps are available for Android, iOS and Windows. dmenu users can use the passmenu script to quickly find and select passwords without opening a terminal window.

The Pass website features many notable community projects that extend the functionality of the tool and enable data portability to other platforms. You can find out more about using Pass itself on the manual page, accessible by running man pass in a terminal.

