Store encrypted passwords using a GPG key. Supports the regular CRUD, tree list, and optionally wraps around git for automatic commits and human-readable history diff.

  • Site: http://www.passwordstore.org/
  • Man page: http://git.zx2c4.com/password-store/about/

# Integration

Official integration offers: GUI client (opens new window), an Android app (opens new window), an iOS app (opens new window), a Firefox plugin (opens new window), a dmenu script (opens new window), and even an emacs package (opens new window).

# Migration

There are official contrib/importers (opens new window) for all sorts of programs you'd be wanting to migrate from.

# Secure Editing

When editing multi-line entries with your favorite editor, make sure it doesn't write swap/undo/backup data for pass temp files. Here's a vim script (opens new window) that does just that.

# OSX Browser Workflow

We'll create a global keyboard shortcut to grab Google Chrome's current tab URL and show pass information, without the password. The password is copied to clipboard for 45 seconds.

Run Automator, and create a new service:

  1. Add "Run AppleScript" with:
    on run {input, parameters}
      tell application "Google Chrome"
        return URL of active tab of first window
      end tell
    end run

Note: For other browsers, see this get_url gist (opens new window) 2. Add "Run Shell Script", select "Pass input [as arguments]", with:

    ~/.local/bin/urlpass "$@"
  1. Save service.
  2. Assign keyboard shortcut in System Preferences / Keyboard / Shortcuts.
  3. Create ~/.local/bin/urlpass:
  #!/usr/bin/env bash

  # Import the gpg-agent-info variable and export it
  eval $(cat "~/.gpg-agent-info" | cut -d: -f 1)
  export GPG_AGENT_INFO

  for f in "$@"
  do
    # Filter out domain without 'www.' from url
    host=$(echo "$f" | awk -F/ '{print $3}' | sed 's/^www.//')
    # Copy password to clipboard
    if pass -c "sites/$host" 1>/dev/null; then
      # Show notification with all other info except the 1st line
      data=$(pass "sites/$host" | sed '1d')
      terminal-notifier -message "${data:-N/A}" -title "$host"
    fi
  done
  1. Set execute permissions: chmod ug+x ~/.local/bin/urlpass
Last Updated: 12/26/2018, 11:15:30 PM