A simple commandline password manager on Linux

Categories: Linux, Security

Authenticating with websites by sending passwords across a network is a bad idea. Using totp codes is better, as intercepted codes are valid only for 30 seconds, and used codes are completely useless. However sometimes passwords are the only option. The problem then is how to remember a good and distinct password for every site; the answer is usually to use a password manager - a database of (userid, password) pairs secured by a single master password. You only need to remember the master password.

There are many graphical password managers, and password managers are built into most (all?) major web browsers. However sometimes a simple commandline tool is all that you need. This article is a brief introduction to the commandline tool pass.

On Ubuntu, just sudo apt install pass, then:

pass init {GPG-encryption-key-id}
pass # lists credentials
pass insert {pwd-id}  # adds a credential
pass {pwd-id} # prints credential out
pass generate {pwd-id} # generates a random credential
pass rm {pwd-id}

The pass app stores all data encrypted with the master password in a directory tree under .password-store - convenient for backups, or even versioning with git!

Note that the {pwd-id} is used as the filename - so if you want to conceal which sites you have passwords for, then choose an obfuscated pwd-id.

To set up a GPG key if you do not have one:

gpg --quick-generate-key someuser@somedomain