Password management should be simple and follow Unix philosophy. With pass
, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.pass
makes managing these individual password files extremely easy. All passwords live in ~/.password-store, and pass
provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It's capable of temporarily putting passwords on your clipboard and tracking password changes using git.
You can edit the password store using ordinary unix shell commands alongside the pass command. There are no funky file formats or new paradigms to learn. There is bash completion so that you can simply hit tab to fill in names and commands, as well as completion for zsh and fish available in the contrib folder. The community has even produced an iOS app.
command is extensively documented in its man pageTo free password data from the clutches of other (bloated) password managers, various users have come up with different password store organizations that work best for them. Some users have contributed scripts to help import passwords from other programs:
keepassx2pass.py: imports KeepassX XML data
fpm2pass.pl: imports Figaro's Password Manager XML data
lastpass2pass.rb: imports Lastpass CSV data
kedpm2pass.py: imports Ked Password Manager data
revelation2pass.py: imports Revelation Password Manager data
gorilla2pass.rb: imports Password Gorilla dataFull blog with links to the above
March 27, 2013 — liquidat Pass – A perfect shell based password manager
Pass is a tool to store and manage passwords and other data securely and on command line – even with built in support for Git and remote Git repositories. Thus it is a welcomed alternative for existing password managers which often require a GUI, or do not provide repository support.