Skip to main content


Store encrypted passwords using a GPG key. Supports the regular CRUD, tree list, and optionally wraps around git for automatic commits and human-readable history diff.


Official integration offers: GUI client, an Android app, an iOS app, a Firefox plugin, a dmenu script, and even an emacs package.


There are official contrib/importers for all sorts of programs you'd be wanting to migrate from.

Secure Editing

When editing multi-line entries with your favorite editor, make sure it doesn't write swap/undo/backup data for pass temp files. Here's a vim script that does just that.

OSX Browser Workflow

We'll create a global keyboard shortcut to grab Google Chrome's current tab URL and show pass information, without the password. The password is copied to clipboard for 45 seconds.

Run Automator, and create a new service:

  1. Add "Run AppleScript" with:
    on run {input, parameters}
tell application "Google Chrome"
return URL of active tab of first window
end tell
end run

Note: For other browsers, see this get_url gist 2. Add "Run Shell Script", select "Pass input [as arguments]", with:

    ~/.local/bin/urlpass "$@"
  1. Save service.
  2. Assign keyboard shortcut in System Preferences / Keyboard / Shortcuts.
  3. Create ~/.local/bin/urlpass:
  #!/usr/bin/env bash

# Import the gpg-agent-info variable and export it
eval $(cat "~/.gpg-agent-info" | cut -d: -f 1)

for f in "$@"
# Filter out domain without 'www.' from url
host=$(echo "$f" | awk -F/ '{print $3}' | sed 's/^www.//')
# Copy password to clipboard
if pass -c "sites/$host" 1>/dev/null; then
# Show notification with all other info except the 1st line
data=$(pass "sites/$host" | sed '1d')
terminal-notifier -message "${data:-N/A}" -title "$host"
  1. Set execute permissions: chmod ug+x ~/.local/bin/urlpass