BlackWindBooks.com | Newsletter! | risingthumb.xyz | achtung.risingthumb.xyz | github.com/RisingThumb | site map

risingthumb.xyz Over the lips, past the gums, look out tummy, here I come!

pass

What is pass? It's just a password manager. It works by using gpg encrypted files which are your passwords. This means they are encrypted and safe. It's also a password manager that is offline, so that means you have no issues with hosting it. You can if you would like, host your gpg encrypted passwords in a git repository, or in the cloud, or on an online machine so you can get them using rsync or some other file transfer tool.

There's a number of commands I will share here.

pass init passwordStoreName

This lets you initialise a password store. A password store is just a place for your passwords to be stored hence the name. This is where gpg-encryption comes in, as all the passwords are encrypted using your gpg password. There is technically more involved that you can find out using `man pass`, as pass is really just a very nice and convenient frontend for gpg.

pass add passwordName

This lets you add a password under that password name. When you do it, you'll be prompted for a password. Unless I am adding a password that I already know, I usually do not use this, as the next command is far more useful.

pass generate passwordName 20

This lets you generate a cryptographically strong password for the password named passwordName that is 20 characters long. It's fairly obvious why this is good, because it means you don't use the same password for each online service, nor have to remember them.

pass ls

This gives you a list of all password names in the password store.

Now you know all the password names(not their values) in your password store, now you need to acquire a password? Simple.

pass passwordName

This will prompt you for your gpg password, and if successful in decryption, give you the password. There is more you can do with this command that is beyond the scope of this article, such as multiple password stores, and using more than one gpg key for your password encryption. There's even OTP(One Time Passwords, the timed 6 character codes) that you can use with it.

A demonstration use is listed below.

#!/usr/bin/env bash

shopt -s nullglob globstar

typeit=0
if [[ $1 == "--type" ]]; then
	typeit=1
	shift
fi

prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@")

[[ -n $password ]] || exit

if [[ $typeit -eq 0 ]]; then
	pass show -c "$password" 2>/dev/null
else
	pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
		xdotool type --clearmodifiers --file -
fi

For reference, dmenu is a suckless utility. This script is not my own, but is zx2c4's script I am using as an example.

=> Passmenu source code.

This script takes the list of passwords, lets you select one in the interface created by dmenu, and when you select one, copies it to the clipboard so you can paste it in the respective password box for any account you need to log into. I also have this mapped to a keybind in DWM, "Mod+Shift+P", so any time I need a password, I can get it("Mod+P" is used for pausing music which I do more frequently than I get passwords).

As you can see, it follows the UNIX philosophy pretty well, making it very useful as a password manager. It dodges the issues of contemporary online password managers that are centralised and very much so freedom-restricting, leveraging the passwords to make money from the end users. The fact it's gpg-encrypted means it's also good to use with cloud storage solutions. Overall, it's a tool oft-overlooked by people.

Published on 2022/10/06

Articles from blogs I follow around the net

BAT-EYES #5

THE LANTERN PARADE Same street, different decade. The moon was up. TAB2 had to check with his visor to make sure it wasn’t just himself who could see the myriad colorful lanterns floating solemnly over the street. He banged the side of his head until other,…

via I'm not really Stanley Lieber. September 28, 2024

Neurodivergence and accountability in free software

In November of last year, I wrote Richard Stallman’s political discourse on sex, which argues that Richard Stallman, the founder of and present-day voting member of the board of directors of the Free Software Foundation (FSF), endorses and advocates for a ha…

via Drew DeVault's blog September 25, 2024

reblog - Moments of Introspection: Fun With AI: Cute Doggies

Moments of Introspection: Fun With AI: Cute Doggies: I am starting to get into creating graphics with AI. The following doggies, I created with  Idyllic . I was trying to get a god that is simi...:::Feed:::

via Filozofia September 24, 2024

Generated by openring