Pass – Simple command-line password manager for Linux

Keep tracking the password is one of the big challenge to everyone now a days since we has multiple password like email, bank, social media, online portal, and ftp, etc.,.

Password managers are become very famous due to the demand and usage. In Linux so many alternatives are available, GUI based and CLI based. Today we are going to discuss about CLI based password manager called pass.

pass is a simple command line password manager for Linux which stores password inside of a gpg encrypted file. These encrypted files are organized in well folder hierarchies.

All passwords live in ~/.password-store, and it provides simple commands for adding, editing, generating, and retrieving passwords.

Suggested Read : KeePass – A Best Password Management Tool To Store/Secure Passwords

It is a very short and simple shell script. It’s capable of temporarily putting passwords on your clipboard and tracking password changes using git.It uses few default tools like gnupg, tree and git, there are active community offering GUI & extensions for pass.

How to install Pass in Linux ?

Pass is available in the repositories of most major distributions. So, use your distribution package manager to get installed.

For Debian based systems, use apt-get or apt package manager to install pass.

$ sudo apt-get install pass

For RHEL/CentOS based systems, use yum package manager to install pass.

$ sudo yum install pass

For Fedora system, use dnf package manager to install pass.

$ sudo dnf install pass

For openSUSE system, use zypper package manager to install pass.

$ sudo zypper in password-store

For Arch Linux based systems, use pacman package manager to install pass.

$ pacman -S pass

How to generate GPG key pair ?

Make sure you have your own GPG key pair. If no, create a GPG key pair by running following command on terminal and follow the instructions.

$ gpg --gen-key

The above command will ask a series of questions to create a GPG key pair, so input the required details carefully and few question you can leave default answer which is enough.

Initiate the password store

If you got a GPG key pair then initialize the local password store by running the following command, you can pass either email-id or gpg-id.

$ pass init [email protected]
mkdir: created directory '/home/magi/.password-store/'
Password store initialized for [email protected]

The above command will create a password store under ~/.password-store directory.

pass command is offering simple syntax to manage password. Let’s see one by one like adding, editing, generating, and retrieving passwords.

Check the hierarchical tree by firing below command.

$ pass
or
$ pass ls
or
$ pass show
Password Store

I didn’t see any tree hierarchical, so we will create our own based on our requirement.

Insert a new password info

We are going to save gmail id and its password by running below command.

$ pass insert eMail/[email protected]
mkdir: created directory '/home/magi/.password-store/eMail'
Enter password for eMail/[email protected]: 
Retype password for eMail/[email protected]:

Do the same until you insert all your entries. Saving Facebook credential.

$ pass insert Social/Facebook_2daygeek
mkdir: created directory '/home/magi/.password-store/Social'
Enter password for Social/Facebook_2daygeek: 
Retype password for Social/Facebook_2daygeek: 

We can list all the existing passwords in the store.

$ pass show
Password Store
├── 2g
├── Bank
├── eMail
│   ├── [email protected]
│   └── [email protected]
├── eMail
├── Social
│   ├── Facebook_2daygeek
│   └── Gplus_2daygeek
├── Social
└── Sudha
    └── [email protected]

Show existing password

Run the following command to retrieve password info from password store, It will ask you to enter the passphrase to unlock.

$ pass eMail/[email protected]
*******

Copy the password in clipboard

To copy the password directly onto the clipboard temporarily instead of printing on terminal, use the following command which is more secure method and it will clear the password automatically after 45 seconds.

$ pass -c eMail/[email protected]
Copied eMail/[email protected] to clipboard. Will clear in 45 seconds.

Generate a new password

If you want to generate hard and guess password instead of odd one, it will do by using the pwgen utility internally.

$ pass generate eMail/[email protected] 15
An entry already exists for eMail/[email protected]. Overwrite it? [y/N] y
The generated password for eMail/[email protected] is:
y!NZ<%T)5Iwym_S

To generate password without symbols.

$ pass generate eMail/[email protected] 15 -n
An entry already exists for eMail/[email protected]. Overwrite it? [y/N] y
The generated password for eMail/[email protected] is:
TP9ACLyzUZUwBwO

Edit existing password

Insert a new password or edit an existing password using editor. When you run below command it will open the file /dev/shm/pass.wUyGth1Hv0rnh/[email protected] in text editor which contain the password. Just add new password then save and exit.

$ pass edit eMail/[email protected]

File: /dev/shm/pass.wUyGth1Hv0rnh/[email protected]                                                                   
TP9ACLyzUZUwBwO

Remove a Password

To remove existing password. It will remove the entry from ~/.password-store which is contain .gpg

$ pass rm eMail/[email protected]
Are you sure you would like to delete eMail/[email protected]? [y/N] y
removed '/home/magi/.password-store/eMail/[email protected]'

Multi-line functionality

To save detailed info like, URL, username, password, pin, etc,., Use the following format. Make sure you have to add first entry as a password since it used to copy first line as a password when you use clipboard option, and the additional information on subsequent lines.

$ pass insert eMail/[email protected] -m
Enter contents of eMail/[email protected] and press Ctrl+D when finished:

H3$%hbhYT
URL : https://www.2daygeek.com
Info : Linux Tips & Tricks
Ftp User : 2g

3 Comments on “Pass – Simple command-line password manager for Linux”

  1. Thanks for the helpful tutorial.

    One question: I am new to MacOS as of this week. How do you get the MacOS Password Manager to pop up and ask to save the password? I want to use pass, but I don’t want to have to enter my gpg password/passphrase every time I try to show or copy a saved password.

    Thank you

Leave a Reply

Your email address will not be published. Required fields are marked *