
Title: Manage your passwords with pass
Date: 2019-04-22 19:00
Modified: 2024-02-24 18:00
Author: Fabrice
Category: software
Tags: pass, git, cli
Slug: password-store
Header_Cover: images/covers/clovers.jpg
Summary: A simple password manager that relies on gpg, and synchronized with git.
Lang: en

Security breaches are discovered regularly and credentials leak, so it is recommended to use a different password for each account. However, this is obviously a pain to maintain by hand. I did use a notebook back in 2003, which I lost within a month, given that I'm a very organized person.

Fortunately, many password managers exist, with similar features: cross-platform (especially smartphone support), password generation, browser integration…

I'm not here to compare them; if you want to take a look, Wikipedia provides a nice comparison table there.

However, thanks to moviuro, my choice is pass along with pass-otp (and passmenu). I don't intend to write a comprehensive guide either, as those already populate the internet, for example here.

In short, pass is a bash script, written by zx2c4, that uses git and gpg.

Here are just some commands I often use.

pass generate -i <pass-name>

When regenerating a password, the -i option is important: it avoids overwriting the whole file and having to rely on dirty git to undo the mistake (pass <cmd> automatically commits your change)… I sometimes forget it, so let's put it here as a reminder.

Sometimes it is useful to restrict the accepted special characters. This can be done with the PASSWORD_STORE_CHARACTER_SET environment variable. Its value is interpreted by the tr command, so to create a PIN you can use PASSWORD_STORE_CHARACTER_SET='[:digit:]' and specify the length as the last argument.

For instance, to generate a 6-digit PIN:

PASSWORD_STORE_CHARACTER_SET='[:digit:]' pass generate <pass-name> 6

I didn't manage to specify how to have at least one of them, so I run the command multiple times (with the -i option to change the file in place after the first one)… It pollutes the git history a bit but, well… it works.

For instance, for a service that supports only the following special characters: -_@$<> and passwords at most 20 characters long (fictitious example), you can use the following command:

PASSWORD_STORE_CHARACTER_SET='[:alnum:]-_@$<>' pass generate <pass-name> 20
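The "at least one of them" retry can be scripted outside the store, so that only the final password is ever committed. This is an added example, not part of the original post and not pass's own code: the function names (gen_candidate, has_class, gen_with_classes) and the required classes are assumptions, and it filters /dev/urandom through tr in the way the post describes for PASSWORD_STORE_CHARACTER_SET.

```shell
#!/bin/sh
# Added example: pick LENGTH characters from a tr set, retrying until the
# password contains at least one character of every required class.

# gen_candidate SET LENGTH: filter /dev/urandom through tr (assumed to
# match how the character set is applied) and keep LENGTH characters.
gen_candidate() {
    LC_ALL=C tr -dc -- "$1" < /dev/urandom 2>/dev/null | head -c "$2"
}

# has_class STRING CLASS: true if STRING holds a character of CLASS.
has_class() {
    [ -n "$(printf '%s' "$1" | LC_ALL=C tr -dc -- "$2")" ]
}

# gen_with_classes SET LENGTH CLASS...: rejection sampling, so the result
# stays uniformly distributed among the passwords that satisfy the policy.
gen_with_classes() (
    chars=$1 length=$2
    shift 2
    [ "$length" -ge "$#" ] || { echo "too short for $# classes" >&2; exit 2; }
    # Every class must be reachable from SET, or the loop could never end.
    printable=$(awk 'BEGIN { for (i = 33; i < 127; i++) printf "%c", i }')
    allowed=$(printf '%s' "$printable" | LC_ALL=C tr -dc -- "$chars")
    for class in "$@"; do
        has_class "$allowed" "$class" ||
            { echo "class $class not in set" >&2; exit 2; }
    done
    tries=0
    while [ "$tries" -lt 1000 ]; do
        pw=$(gen_candidate "$chars" "$length")
        ok=1
        for class in "$@"; do
            has_class "$pw" "$class" || { ok=0; break; }
        done
        if [ "$ok" -eq 1 ]; then printf '%s\n' "$pw"; exit 0; fi
        tries=$((tries + 1))
    done
    echo "no compliant password after $tries tries" >&2
    exit 1
)

# Constructed policy for the post's fictitious service: 20 characters,
# at least one digit, one upper-case letter and one of -_@$<>.
# gen_with_classes '[:alnum:]-_@$<>' 20 '[:digit:]' '[:upper:]' '-_@$<>'
```

To store the result with a single commit, pipe it to `pass insert -e <pass-name>`; unlike `generate -i`, this replaces the whole entry.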

To finish:

pass git <whatever you want>

To do whatever you want with git, especially dirty git 😉

And finally, I'm using password-store on my Android phone.