Pass with GPG

pass is a simple password manager that stores passwords in a gpg-encrypted file, not some obscure database. The files can in turn be put on Dropbox, git or any other file management service.


The author now uses 1Password.


pass must be installed along gpg. On NixOS: 1

    # Must restart computer, otherwise you may hit this bug:
    programs.gnupg = {
      agent = {
        enable = true;
        enableExtraSocket = true;
        pinentryFlavor = "curses";
    environment.systemPackages = with pkgs; [


Generate a GPG key

gpg --full-gen-key

Initialize the password store, along with git:

pass init <email>
pass git init


pass insert test/
pass show test/
pass git push

Backup GPG key in Keybase

As of summer 2021, I no longer use Keybase. Re-using ProtonMail email keys is another option.

Since I already use keybase, I store my GPG key securely in kbfs, and then import it on other computers.

gpg --export-secret-keys --armor "Sridhar Ratnakumar" > ~/keybase/private/srid/gpg/me.asc

Import GPG key

To import a GPG key (either from Keybase backup or from the canonical ProtonMail key):

gpg --import ~/keybase/private/srid/gpg/me.asc
gpg --edit-key <email> # and run `trust`

Android support

  • Setup Syncthing (use .git alias with gitdir: /path/to/.git as contents in order to exclude the git index from syncing)
  • Use Android apps: Password Store & OpenKeychain
On non-NixOS Linuxes, you may want to use the native package, as home-manager’s shell completion is broken.
Links to this page