Learn Docker With My Newest Course

Dive into Docker takes you from "What is Docker?" to confidently applying Docker to your own projects. It's packed with best practices and examples. Start Learning Docker →

Updated on November 17th, 2020 in #dev-environment, #linux

Managing Your Passwords on the Command Line in Linux with pass

blog/cards/manage-your-passwords-on-the-command-line-in-linux-with-pass.jpg

Learn how to easily encrypt and organize all of your passwords on the command line using a great little program called 'pass'.

Quick Jump: Access Any of Your Passwords in 3 Seconds | What Makes pass So Good? | Is It Just for Passwords? | Install and Learn More About pass

If you’re new to using Linux, or perhaps watched my WSL 2 and tools I use video for Windows 10 you might be wondering how to manage your passwords in a reasonable way.

Update: since I originally released this blog post in February 2016, the tool has been updated to work on macOS. Between Linux, WSL on Windows and macOS you’ll be able to run it on most devices. There’s even Android and iOS clients too!

I’ve also made a more in-depth post and video about pass here.

Access Any of Your Passwords in 3 Seconds

Chances are you’re working in a terminal very frequently, so wouldn’t it make sense to use a password manager that works from the command line?

I think so, so that’s why I use this excellent tool called pass.

pass Uses GPG to Secure Your Passwords

If I’m going to save my passwords in a way that another tool can read them, then I want to be damn sure that my passwords are secure.

There’s really no better way to do this than with GPG.

The upside to this is the pass tool itself doesn’t handle the encryption, and instead it’s off loaded to the industry standard GPG toolset.

The downside to this is you’ll need a GPG keypair but I wouldn’t even call this a downside because you really should be encrypting your sensitive data with GPG.

Do You Need to Create a GPG Keypair?

Yes, if you don’t already have one, you’ll need to create one.

Creating a GPG key pair is something you only do once and I put together this video on how to create and manage a GPG key pair. You’ll be up and running with a key in a few minutes.

What Makes pass So Good?

Well, let’s say you wanted to get your password to Amazon. It would be as simple as typing pass Sites/Amazon -c and now your password would be copied to your clipboard for 45 seconds.

You could always omit the -c to have it print your password if you wanted to do that instead. The Sites/ bit is completely user defined too. You can choose to namespace your passwords however you want and since they are just folders on your drive, you can take advantage of auto-complete in the terminal.

Is It Just for Passwords?

One of the great things about pass is that it allows you to create multi-line entries which allows for really interesting use cases.

Let’s say you had an account on Amazon Web Services (AWS) and you wanted to keep a few bits of information securely stored together, such as:

  • The email address you used to register an account
  • Your root account password
  • A non-root user account and password
  • Your secret API keys

With pass, setting up something like that is simple. Here’s a quick demo:

If you wanted to see all of your credentials, you would type:

nick@oriath:/tmp ⚡ pass Sites/Cloud/AWS
nonrootpassword
Email: foo@bar.com
Root password: rootpassword
Access Key ID: abc
Secret Access Key: xyz

If you wanted just your non-root password copied to the clipboard, you’d run pass Sites/Cloud/AWS -c and it knows to copy the first line to the clipboard.

Install and Learn More About pass

pass is free to use and you can install it on many different platforms.

Are you using pass? Let me know below!

Never Miss a Tip, Trick or Tutorial

Like you, I'm super protective of my inbox, so don't worry about getting spammed. You can expect a few emails per month (at most), and you can 1-click unsubscribe at any time. See what else you'll get too.

Comments