Managing Your Passwords on the Command Line in Linux with pass
Learn how to easily encrypt and organize all of your passwords on the command line using a great little program called 'pass'.
If you’re new to using Linux, or perhaps watched my introduction screencast on how to run Linux and Windows together seamlessly you might be wondering how to manage your passwords in a reasonable way.
Access Any of Your Passwords in 3 Seconds
Chances are you’re working in a terminal very frequently, so wouldn’t it make sense to use a password manager that works from the command line?
I think so, so that’s why I use this excellent tool called pass.
pass Uses GPG to Secure Your Passwords
If I’m going to save my passwords in a way that another tool can read them, then I want to be damn sure that my passwords are secure.
There’s really no better way to do this than with GPG.
The upside to this is the
pass tool itself doesn’t handle the encryption, and instead it’s off loaded to the industry standard GPG toolset.
The downside to this is you’ll need a GPG keypair but I wouldn’t even call this a downside because you really should be encrypting your sensitive data with GPG.
Do You Need to Create a GPG Keypair?
Yes, if you don’t already have one, you’ll need to create one.
Creating a GPG keypair is something you only do once and fortunately there’s an awesome guide on creating the perfect GPG keypair which should take you about 10 minutes to complete.
pass So Good?
Well, let’s say you wanted to get your password to Amazon. It would be as simple as typing
pass Sites/Amazon -c and now your password would be copied to your clipboard for 45 seconds.
You could always omit the
-c to have it print your password if you wanted to do that instead. The
Sites/ bit is completely user defined too. You can choose to namespace your passwords however you want and since they are just folders on your drive, you can take advantage of auto-complete in the terminal.
Is It Just for Passwords?
One of the great things about
pass is that it allows you to create multi-line entries which allows for really interesting use cases.
Let’s say you had an account on Amazon Web Services (AWS) and you wanted to keep a few bits of information securely stored together, such as:
- The email address you used to register an account
- Your root account password
- A non-root user account and password
- Your secret API keys
pass, setting up something like that is simple. Here’s a quick demo:
If you wanted to see all of your credentials, you would type:
nick@oriath:/tmp ⚡ pass Sites/Cloud/AWS nonrootpassword Email: firstname.lastname@example.org Root password: rootpassword Access Key ID: abc Secret Access Key: xyz
If you wanted just your non-root password copied to the clipboard, you’d run
pass Sites/Cloud/AWS -c and it knows to copy the first line to the clipboard.
Install and Learn More About
pass is free to use and you can install it on many different distributions of Linux.