Learn Docker With My Newest Course

Dive into Docker takes you from "What is Docker?" to confidently applying Docker to your own projects. It's packed with best practices and examples. Start Learning Docker →

Managing Your Passwords on the Command Line in Linux with pass

blog/cards/manage-your-passwords-on-the-command-line-in-linux-with-pass.jpg

Learn how to easily encrypt and organize all of your passwords on the command line using a great little program called 'pass'.

Quick Jump: Access Any of Your Passwords in 3 Seconds | What Makes `pass` So Good? | Is It Just for Passwords? | Install and Learn More About `pass`

If you’re new to using Linux, or perhaps watched my introduction screencast on how to run Linux and Windows together seamlessly you might be wondering how to manage your passwords in a reasonable way.

Access Any of Your Passwords in 3 Seconds

Chances are you’re working in a terminal very frequently, so wouldn’t it make sense to use a password manager that works from the command line?

I think so, so that’s why I use this excellent tool called pass.

pass Uses GPG to Secure Your Passwords

If I’m going to save my passwords in a way that another tool can read them, then I want to be damn sure that my passwords are secure.

There’s really no better way to do this than with GPG.

The upside to this is the pass tool itself doesn’t handle the encryption, and instead it’s off loaded to the industry standard GPG toolset.

The downside to this is you’ll need a GPG keypair but I wouldn’t even call this a downside because you really should be encrypting your sensitive data with GPG.

Do You Need to Create a GPG Keypair?

Yes, if you don’t already have one, you’ll need to create one.

Creating a GPG keypair is something you only do once and fortunately there’s an awesome guide on creating the perfect GPG keypair which should take you about 10 minutes to complete.

What Makes pass So Good?

Well, let’s say you wanted to get your password to Amazon. It would be as simple as typing pass Sites/Amazon -c and now your password would be copied to your clipboard for 45 seconds.

You could always omit the -c to have it print your password if you wanted to do that instead. The Sites/ bit is completely user defined too. You can choose to namespace your passwords however you want and since they are just folders on your drive, you can take advantage of auto-complete in the terminal.

Is It Just for Passwords?

One of the great things about pass is that it allows you to create multi-line entries which allows for really interesting use cases.

Let’s say you had an account on Amazon Web Services (AWS) and you wanted to keep a few bits of information securely stored together, such as:

  • The email address you used to register an account
  • Your root account password
  • A non-root user account and password
  • Your secret API keys

With pass, setting up something like that is simple. Here’s a quick demo:

If you wanted to see all of your credentials, you would type:

nick@oriath:/tmp ⚡ pass Sites/Cloud/AWS
nonrootpassword
Email: foo@bar.com
Root password: rootpassword
Access Key ID: abc
Secret Access Key: xyz

If you wanted just your non-root password copied to the clipboard, you’d run pass Sites/Cloud/AWS -c and it knows to copy the first line to the clipboard.

Install and Learn More About pass

pass is free to use and you can install it on many different distributions of Linux.

Never Miss a Tip, Trick or Tutorial

Like you, I'm super protective of my inbox, so don't worry about getting spammed. You can expect a few emails per month (at most), and you can 1-click unsubscribe at any time. See what else you'll get too.


Comments