How to Setup Pass
Overview[edit]
Pass: The Standard Unix Password Manager uses common *nix tools like gpg
and git
to store and sync encrypted passwords and other secrets.
This guide was written for Ubuntu-based distributions of at least version 18.04. Other distros or older versions may have different commands, package names, and file locations.
GPG Key[edit]
It is necessary to have a GPG key for encrypting and decrypting the secrets saved by pass
. Refer to the How to Setup GPG page to create a new GPG key or import an existing key.
It is also recommended to change the pin entry program to a CLI program so that pass
can be used in a purely CLI environment (e.g. via SSH). See Change the Pin Entry Program.
Initial Setup[edit]
- Install Pass.
sudo apt install pass
- List the GPG keys to get the fingerprint.
gpg --list-secret-keys
- Setup a new password store. Enter the fingerprint of the created or imported GPG key. Note that the quotes should be placed around the fingerprint.
pass init "fingerprint"
- Set up the password store as a git repository.
pass git init
- Set the remote repository location. Substitute the URL or local file path for <location>.
pass git remote add origin <location>
- For a remote repository, the location should be similar to:
ssh://user@hostname.example.com/path/to/git/repo
- For a local repository, the location should just be the path:
/path/to/local/git/repo
- For a remote repository, the location should be similar to:
- Perform an initial push to the remote repository.
pass git push --set-upstream origin master
Import Existing Password Store[edit]
If pass
has been setup previously and synced with git
, the existing remote git
repository can be synced to another machine.
- Install Pass.
sudo apt install pass
- Clone the existing git repo into the password store directory. Replace /path/to/repo with the URL or file path to the remote repository.
git clone /path/to/repo ~/.password-store