Managing Your Passwords on the Command Line in Linux with pass
Learn how to easily encrypt and organize all of your passwords on the command line using a great little program called 'pass'.
Quick Jump: Access Any of Your Passwords in 3 Seconds | What Makes pass So Good? | Is It Just for Passwords? | Install and Learn More About pass
If you’re new to using Linux, or perhaps watched my WSL 2 and tools I use video for Windows 10 you might be wondering how to manage your passwords in a reasonable way.
Update: since I originally released this blog post in February 2016, the tool has been updated to work on macOS. Between Linux, WSL on Windows and macOS you’ll be able to run it on most devices. There’s even Android and iOS clients too!
Access Any of Your Passwords in 3 Seconds
Chances are you’re working in a terminal very frequently, so wouldn’t it make sense to use a password manager that works from the command line?
I think so, so that’s why I use this excellent tool called pass.
pass Uses GPG to Secure Your Passwords
If I’m going to save my passwords in a way that another tool can read them, then I want to be damn sure that my passwords are secure.
There’s really no better way to do this than with GPG.
The upside to this is the
pass tool itself doesn’t handle the encryption, and instead it’s off loaded to the industry standard GPG toolset.
The downside to this is you’ll need a GPG keypair but I wouldn’t even call this a downside because you really should be encrypting your sensitive data with GPG.
Do You Need to Create a GPG Keypair?
Yes, if you don’t already have one, you’ll need to create one.
Creating a GPG key pair is something you only do once and I put together this video on how to create and manage a GPG key pair. You’ll be up and running with a key in a few minutes.
What Makes pass So Good?
Well, let’s say you wanted to get your password to Amazon. It would be as simple as typing
pass Sites/Amazon -c and now your password would be copied to your clipboard for 45 seconds.
You could always omit the
-c to have it print your password if you wanted to do that instead. The
Sites/ bit is completely user defined too. You can choose to namespace your passwords however you want and since they are just folders on your drive, you can take advantage of auto-complete in the terminal.
Is It Just for Passwords?
One of the great things about
pass is that it allows you to create multi-line entries which allows for really interesting use cases.
Let’s say you had an account on Amazon Web Services (AWS) and you wanted to keep a few bits of information securely stored together, such as:
- The email address you used to register an account
- Your root account password
- A non-root user account and password
- Your secret API keys
pass, setting up something like that is simple. Here’s a quick demo:
If you wanted to see all of your credentials, you would type:
nick@oriath:/tmp ⚡ pass Sites/Cloud/AWS nonrootpassword Email: firstname.lastname@example.org Root password: rootpassword Access Key ID: abc Secret Access Key: xyz
If you wanted just your non-root password copied to the clipboard, you’d run
pass Sites/Cloud/AWS -c and it knows to copy the first line to the clipboard.
Install and Learn More About pass
pass is free to use and you can install it on many different platforms.
Are you using pass? Let me know below!