Manage passwords like a unix khan
I’m pretty sure you store your passwords in some password manager, hope. Probably it’s in the list: Bitwarden, KeepassXC, 1password, your browser’s password manager or some other, less popular app.
Ready for 180º world imagination turn?
There’s a unix standard password manager - pass. If you enjoy unix philosophy and how things are done there, this article is going to be interesting for you. Let’s look into it!
How does it work
GPG keys
I assume you know what’s GPG and how it works, if not - google it, there are a lot of manuals and guides about it, today we are talking about pass.
So, every password is just an encrypted file in ~/.password-store/
Why?
It’s safe. As long as your private GPG key is safe, you can accidentally push it into a public git repo, for others it’s just binary trash, it would take tooooo long (decades) to decrypt it without the private key.
It’s also really simple, it’s unix in the end. pass itself is a cli with not many commands, written in bash. Check the code of your local pass with vim $(which pass)
Okay, let’s go, I wanna set it up
First of all, sure, install it. Usually called pass in most package managers.
Then, you need to generate a GPG key if you don’t have one yet. To do it, use this command and follow the instructions
gpg --full-generate-key
Using all the defaults is okay, just don’t forget to set a strong passphrase
Good, now you have a GPG key, make sure to export it and copy to another place in case you lose your device.
For public key use this command
gpg --export <your key> > public.gpg
And this one for private key
gpg --export-secret-keys <your key> > private.gpg
Now we’re ready to set up pass itself
pass init <your key>
Use your key ID or email you have set for it
Good! You are all done, let’s see how to use it
Usage
For example, let’s create a password for bearblog ʕ•ᴥ•ʔ
pass add bearblog.dev
It will prompt for a password, 2 times to make sure you have typed it right. You can also use folders, like this
pass add Blog/bearblog.dev
To see the password you have just added to the storage, do
pass bearblog.dev
or, if you used folder
pass Blog/bearblog.dev
There you go, the password is displayed
You can edit, remove, find, list, move, copy and do other operations to passwords, to see all, use
pass --help
Sync passwords
Alright, at this point you already know how to use pass, but what if you have more than 1 device? Or what if you lose your device?
That’s not a problem, since files are encrypted, you can just push those in a git(hub/lab) repo, it can even be public (but why would you do that?). First, let’s init the repo
pass git init
Good, repo initiated in ~/.password-store
Now, pass will automatically commit any change. You only have to periodically do pass git push on this device, and pass git pull on another device. Oh, yeah, you also have to set the repo origin to push. Do this
cd ~/.password-store && git remote add origin <url>
That’s it
You have just set up pass and can manage your passwords like a unix khan. Enjoy! If you have any questions or issues with pass, feel free to contact me anytime