December 19, 2015

462 words 3 mins read

Password Management using Password Store

Password Management using Password Store

Password Store is a command line utility for managing your passwords. The passwords are stored in an encrypted file which makes use of gpg. It also allows you to use git to track password changes.

pass isn’t as feature-rich compared to Last Pass or 1Password though.


Setup is pretty easy. It only requires gpg which can be installed via brew. Optionally, you can install git if you want to track changes in your storage.

$ brew install gpg pass

GPG (skip if you already have a key)

You would need to set up your gpg key if you don’t have one.

$ gpg --gen-key

You will then be presented with this prompt:

$ gpg --gen-key
gpg (GnuPG) 1.4.19; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?

Select the default (RSA and RSA). The other steps will depend on how you want your key to be set up.


Initialize pass:

$ pass init

This will create a directory in your $HOME called .password-store.


pass help provides a list of all available commands so I’ll probably just list here the basics. pass simply lists all your stored passwords.


pass treats / similar to subfolders. An example is this:

$ pass
Password Store
├── foo
│   └── bar.gpg
│   └── baz.gpg
└── bar
    └── foo.gpg

This can be accomplished by invoking the commands:

$ pass insert foo/bar
Enter password for foo/bar:
Retype password for foo/bar:
$ pass insert foo/baz
Enter password for foo/baz:
Retype password for foo/baz:
$ pass insert bar/foo
Enter password for bar/foo:
Retype password for bar/foo:


Editing is similar to inserting.

$ pass edit foo/bar

You will then be asked to enter your password for your key. This will open up your default editor where you can modify your password.


This is similar to editing in which pass would open up a prompt which asks your password for your key.

To display your password, invoke this command:

$ pass foo/bar

To copy your password in the clipboard, just add the -c flag. pass removes it from the clipboard after 45 seconds.


pass supports git. Depending on how you want it stored, you can either track it on Github or some other service. A few posts in SO say that it’s fine to store them on github.

A quick rundown on using pass with git:

$ pass git remote add <alias> <remote>
$ pass git push

Everytime you insert, modify, or delete a password, pass issues a commit.