Pass with GPG

pass is a simple password manager that stores passwords in a gpg-encrypted file, not some obscure database. The files can in turn be put on Dropbox, git or any other file management service.


pass must be installed along gpg. On NixOS: 1

    # Must restart computer, otherwise you may hit this bug:
    programs.gnupg = {
      agent = {
        enable = true;
        enableExtraSocket = true;
        pinentryFlavor = "curses";
    environment.systemPackages = with pkgs; [


Generate a GPG key

gpg --full-gen-key

Initialize the password store, along with git:

pass init <email>
pass git init


pass insert test/
pass show test/
pass git push

Backup GPG key in Keybase

As of summer 2021, I no longer use Keybase. Re-using ProtonMail email keys is another option.

Since I already use keybase, I store my GPG key securely in kbfs, and then import it on other computers.

gpg --export-secret-keys --armor "Sridhar Ratnakumar" > ~/keybase/private/srid/gpg/me.asc

Import GPG key

To import a GPG key (either from Keybase backup or from the canonical ProtonMail key):

gpg --import ~/keybase/private/srid/gpg/me.asc
gpg --edit-key <email> # and run `trust`

Android support

  • Setup Syncthing (use .git alias with gitdir: /path/to/.git as contents in order to exclude the git index from syncing)
  • Use Android apps: Password Store & OpenKeychain


On non-NixOS Linuxes, you may want to use the native package, as home-manager’s shell completion is broken.
Links to this page