pass is a simple password manager that stores passwords in a gpg-encrypted file, not some obscure database. The files can in turn be put on Dropbox, git or any other file management service.
Installing
pass
must be installed along gpg
. On NixOS:
1
{
# Must restart computer, otherwise you may hit this bug:
# https://github.com/NixOS/nixpkgs/issues/35464#issuecomment-383894005
programs.gnupg = {
agent = {
enable = true;
enableExtraSocket = true;
pinentryFlavor = "curses";
};
};
environment.systemPackages = with pkgs; [
pass
];
}
Using
Generate a GPG key
gpg --full-gen-key
Initialize the password store, along with git:
pass init <email>
pass git init
Test:
pass insert test/example.org
pass show test/example.org
pass git push
Backup GPG key in Keybase
As of summer 2021, I no longer use Keybase. Re-using ProtonMail email keys is another option.
Since I already use keybase, I store my GPG key securely in kbfs, and then import it on other computers.
gpg --export-secret-keys --armor "Sridhar Ratnakumar" > ~/keybase/private/srid/gpg/me.asc
Import GPG key
To import a GPG key (either from Keybase backup or from the canonical ProtonMail key):
gpg --import ~/keybase/private/srid/gpg/me.asc
gpg --edit-key <email> # and run `trust`
Android support
-
Setup Syncthing (use
.git
alias withgitdir: /path/to/.git
as contents in order to exclude the git index from syncing) - Use Android apps: Password Store & OpenKeychain
Discussions
-
2020-01 Lobste.rs: What do you use for password management? (User-friendly alternative to
pass
)
On non-NixOS Linuxes, you may want to use the native package, as home-manager’s shell completion is broken.