How to Setup Pass

Overview[edit]

Pass: The Standard Unix Password Manager uses common *nix tools like gpg and git to store and sync encrypted passwords and other secrets.

This guide was written for Ubuntu-based distributions of at least version 18.04. Other distros or older versions may have different commands, package names, and file locations.

GPG Key[edit]

It is necessary to have a GPG key for encrypting and decrypting the secrets saved by pass. Refer to the How to Setup GPG page to create a new GPG key or import an existing key.

It is also recommended to change the pin entry program to a CLI program so that pass can be used in a purely CLI environment (e.g. via SSH). See Change the Pin Entry Program.

Initial Setup[edit]

1. Install Pass.

   sudo apt install pass

2. List the GPG keys to get the fingerprint.

   gpg --list-secret-keys

3. Setup a new password store. Enter the fingerprint of the created or imported GPG key. Note that the quotes should be placed around the fingerprint.

   pass init "fingerprint"

4. Set up the password store as a git repository.

   pass git init

5. Set the remote repository location. Substitute the URL or local file path for <location>.

   pass git remote add origin <location>

   • For a remote repository, the location should be similar to:

     ssh://user@hostname.example.com/path/to/git/repo

   • For a local repository, the location should just be the path:

     /path/to/local/git/repo

6. Perform an initial push to the remote repository.

       pass git push --set-upstream origin master
   

Import Existing Password Store[edit]

If pass has been setup previously and synced with git, the existing remote git repository can be synced to another machine.

1. Install Pass.

   sudo apt install pass

2. Clone the existing git repo into the password store directory. Replace /path/to/repo with the URL or file path to the remote repository.

   git clone /path/to/repo ~/.password-store