Unix password manager

Reusing passwords or using the same same set of passwords across websites/systems is a really bad idea.
Any website that does not hash their users passwords will be able to see your password in the clear and could try logging in as you on other websites.
Therefore you should always have a different password for each website/system you log in to.
Storing passwords in a secure way is an important part of any password management solution which I will discuss here.

On Windows or Mac you have products like Lastpass or 1Password where you login into their product with one password to access all others.
But what if you don’t have a UI interface and just use a terminal window.
Here I use Password Store. There are other solutions available but I find this one the easiest.
pass is a very simple password store that keeps passwords inside gpg2 encrypted files inside a simple directory tree

My installation examples below are for Ubuntu though pass should be the same across OS’s.


Follow the instructions on http://www.passwordstore.org
sudo apt-get install pass
sudo apt-get install gnupg2

Setup GPG2 Key

We will use a gpg key on your computer that is password protected so you only ever need to remember 1 password to access all other passwords.
(Be careful, if you forget/lose this password then this key is useless and can never be used again)

Either view your existing keys with
gpg2 --list-keys

or setup a new one

gpg2 --gen-key
Use the defaults unless you have a reason not to
Complete the users questions asked
Enter your passphrase twice
Keep on moving your mouse while it generates the entropy

If you are using vagrant or something that is struggling to generate enough entropy then open a second terminal and install and run the following.
apt-get install rig-tools
sudo rngd -r /dev/urandom

Find your GPG id

pub 2048R/910C0A8E 2014-11-07
is GPG id: 910C0A8E

Setup pass for gpg2

nano /usr/bin/pass
update GPG=”gpg2″
(Ctrl X, then y, enter to save)

Setup Password Store:

Setup with own GPG key
pass init 910C0A8E
910C0A8E is the ID of my GPG key
Or to add permissions to only one folder you can use -p
pass init -p Social 910C0A8E

Initialise the password store with git
pass git init
You want to do this so all change commands are committed to git so you have a historic record.

Where are they stored:
All passwords live in ~/.password-store

Using Password Store

Some options may not be available in your version

List what is currently stored

Add password (manually enter password)
pass insert Social/Facebook

Generate and save a new password with 15 characters
pass generate Social/Facebook 15
(make sure you update your password on the website with the new generated password)

Add multiline password
pass insert -m Social/Facebook
^D to finish

Find password
pass find Facebook

Show password
pass Social/Facebook

Copy password to keyboard for 45 seconds
pass -c Social/Facebook

Edit Password
pass edit Social/Facebook

Move password file
pass mv Social/Facebook Social/Facebookold

Remove password
pass rm Social/Facebookold


You can use git on an external repo to keep passwords synced across different systems
pass git push
pass git pull

You can use multiple GPG keys when sharing with a team of people
You can specify which folders each user/key has access to
gpg2 encrypted files
Super simple to use

https://vaultproject.io is another interesting project to achieve a similar outcome.

Leave a Reply

Your email address will not be published. Required fields are marked *