--- Title: Manage your passwords with pass Date: 2019-04-22 19:00 Modified: 2024-02-24 18:00 Author: Fabrice Category: software Tags: pass, git, cli Slug: password-store Header_Cover: images/covers/clovers.jpg Summary: A simple password manager that relies on gpg, and synchronized with git. Lang: en --- As security breaches are discovered regularly, and so leakage happens, it is recommended to have a different password on each account. However, this task is obviously a pain to maintain by hand. I did use a notebook back in 2003, which I lost within a month, given that I'm a very organized person. Hopefully, many password managers exist, with similar features: cross-platform (especially smartphone support), password generation,browser integration… I'm not here to compare them, if you want to give a look, [wikipedia](https://en.wikipedia.org) provides a nice comparison table [**there**](https://en.wikipedia.org/wiki/List_of_password_managers). However, thanks to [moviuro](https://try.popho.be), my choice is [pass](https://www.passwordstore.org/) along with [pass-otp](https://github.com/tadfisher/pass-otp#readme) (and [passmenu](https://git.zx2c4.com/password-store/tree/contrib/dmenu)). I don't intend either to make a comprehensive guide, as those already populate the internet, for example [**here**](https://medium.com/@chasinglogic/the-definitive-guide-to-password-store-c337a8f023a1). To make it short, pass is a bash scripts using [git](https://git-scm.com/), [gpg](https://www.gnupg.org/) written by [zx2c4](https://www.zx2c4.com/). Here are just some commands I often use. ```sh pass generate -i ``` To regenerate a password, the `-i` is important to avoid overwriting the whole file and having to rely on [dirty git]({filename}/cheat-sheets/git.md) to withdraw your mistake (`pass ` will automatically commit your change)… I sometimes forget it, so let's put it here as a reminder. Sometimes it can be useful to specify the accepted special chars, this can be done using the `PASSWORD_STORE_CHARACTER_SET` environment variable. This value is interpreted by the [`tr` command](https://en.wikipedia.org/wiki/Tr_(Unix)), hence to create a PIN, you can use the following value: `PASSWORD_STORE_CHARACTER_SET='[:digit:]'`, then specify the length with the last argument. For instance, to generate a 6 digit PIN: ```sh PASSWORD_STORE_CHARACTER_SET='[:digit:]' pass generate 6 ``` I didn’t manage to specify how to have at least one of them, so I run the command multiple times (with the `-i` option to change the file in place after the first one)… It pollutes a bit the git history but, well… it works. For instance, for a service supporting only the following characters: `-_@$<>` of at most 20 char long (fictive example), you can use the following command: ```sh PASSWORD_STORE_CHARACTER_SET='[:alnum:]-_@$<>' pass generate 20 ``` To finish: ```sh pass git ``` To do whatever you want with git, especially *dirty git* 😉 And finally, I'm using [password-store](https://f-droid.org/en/packages/dev.msfjarvis.aps/) on my android phone.