CLI Password Manager

This blog discusses a straightforward yet effective command-line interface (CLI) password manager designed for *nix users, known as password-store [pass]. Generating strong passwords quickly is not our strong suit, and managing them across multiple devices poses a challenge. While browser-based utilities exist, they may not meet all our requirements. Although some reliable utilities are available, they come with a hefty price tag and raise concerns about potential hacking. Therefore, I’ve discovered pass to be a valuable and uncomplicated utility, albeit requiring some effort to set up.

Pass operates by employing a GPG key to encrypt individual passwords, and it saves the encrypted data in a Git repository. This straightforward approach makes backups incredibly simple: a mere “git push origin main” accomplishes the task!

To initiate the use of the password-store, you must install it on your system through a package manager such as apt or yum. Additionally, you’ll need to have Git and GnuPG installed.

Initiating password-store

$ gpg  --gen-key

The aforementioned command requires identification information. Kindly provide one. The master password is also requested.

This key is associated with expiry date. if you want to remove expiry date, then use

$ gpg --edit-key <key>

We have to initiate password-store with key generated with gpg

$ pass init <key>

As mentioned earlier pass is backed up by git, we can add it to git repository.

$ pass git add .
$ pass git ci -m "initializing password store" .

To insert password in pass-store, we can generate and add it or we can insert password.

Generating a password:

$ pass generate github/mnjagadeesh 8 

This will create a password file mnjagadeesh under github folder. As you see it gives out userid when it is pushed to remote git repo. We can avoid it by moving userid as meta information. Please consult man pass page.

To insert password into pass-store you can use

$ pass insert github/mnjagadeesh

To list out all password store, you can use

$ pass [ls]

ls is default parameter.

To edit password use

$ pass edit github/mnjagadeesh

now you can correct or add meta information like email: mnjagadeesh@gmail.com

We can use easily locate required password by searching password store using

$ pass find <meta-data>

To remove a password from store, use

$ pass rm github/mnjagadeesh

After every operation do not forget to run `git add` and `git commit`

This is a basic operation. You can clone password store into other device to keep it in sync. For that, you have to export gpg keys to other servers.