risingthumb.xyz Bringing the pain to an already pained web

pass

The only password manager that matters

What is pass? It's just a password manager. It works by using gpg encrypted files which are your passwords. This means they are encrypted and safe. It's also a password manager that is offline, so that means you have no issues with hosting it. You can if you would like, host your gpg encrypted passwords in a git repository, or in the cloud, or on an online machine so you can get them using rsync or some other file transfer tool.

There's a number of commands I will share here.

pass init passwordStoreName

This lets you initialise a password store. A password store is just a place for your passwords to be stored hence the name. This is where gpg-encryption comes in, as all the passwords are encrypted using your gpg password. There is technically more involved that you can find out using `man pass`, as pass is really just a very nice and convenient frontend for gpg.

pass add passwordName

This lets you add a password under that password name. When you do it, you'll be prompted for a password. Unless I am adding a password that I already know, I usually do not use this, as the next command is far more useful.

pass generate passwordName 20

This lets you generate a cryptographically strong password for the password named passwordName that is 20 characters long. It's fairly obvious why this is good, because it means you don't use the same password for each online service, nor have to remember them.

pass ls

This gives you a list of all password names in the password store.

Now you know all the password names(not their values) in your password store, now you need to acquire a password? Simple.

pass passwordName

This will prompt you for your gpg password, and if successful in decryption, give you the password. There is more you can do with this command that is beyond the scope of this article, such as multiple password stores, and using more than one gpg key for your password encryption. There's even OTP(One Time Passwords, the timed 6 character codes) that you can use with it.

A demonstration use is listed below.

#!/usr/bin/env bash

shopt -s nullglob globstar

typeit=0
if [[ $1 == "--type" ]]; then
	typeit=1
	shift
fi

prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@")

[[ -n $password ]] || exit

if [[ $typeit -eq 0 ]]; then
	pass show -c "$password" 2>/dev/null
else
	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
		xdotool type --clearmodifiers --file -
fi

For reference, dmenu is a suckless utility. This script is not my own, but is zx2c4's script I am using as an example.

=> Passmenu source code.

This script takes the list of passwords, lets you select one in the interface created by dmenu, and when you select one, copies it to the clipboard so you can paste it in the respective password box for any account you need to log into. I also have this mapped to a keybind in DWM, "Mod+Shift+P", so any time I need a password, I can get it("Mod+P" is used for pausing music which I do more frequently than I get passwords).

As you can see, it follows the UNIX philosophy pretty well, making it very useful as a password manager. It dodges the issues of contemporary online password managers that are centralised and very much so freedom-restricting, leveraging the passwords to make money from the end users. The fact it's gpg-encrypted means it's also good to use with cloud storage solutions. Overall, it's a tool oft-overlooked by people.


To post a comment you need to login first.

Articles from blogs I follow around the net

...

pt. i pt. ii

via I'm not really Stanley Lieber. September 17, 2021

Status update, September 2021

It’s a quiet, foggy morning here in Amsterdam, and here with my fresh mug of coffee and a cuddly cat in my lap, I’d like to share the latest news on my FOSS efforts with you. Grab yourself a warm drink and a cat of your own and let’s get started. First, a new…

via Drew DeVault's blog September 15, 2021

Help Archive Team Archive public Google Drive files before September 13!

On September 13, Google is going to start requiring longer URLs to access many Google Drive files, breaking links to public files across the web unless users opt out! Because…

via Data Horde September 11, 2021

Generated by openring