Linux/Windows Password Manager “pass”

Derrick Gee
Jun 7, 2019 · 5 min read
Photo by Matt Artz on Unsplash

I have been using pass for about over a month now, and I think it’s a great terminal password manager. It uses gpg to encrypt your passwords into physical files in an organized folder system. And yes, the images below are all on WSL (Windows Subsystem for Linux) on Windows. It is a simple process to use Linux on Windows; Type in powershell in your start menu, run as admin, and run this command: Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

After it restarts your pc, just go to the Microsoft Store and install Ubuntu (or a listed distro of your choice). It is a pretty painless process to gain access to Linux on Windows.


If you don’t have a gpg key gpg --list-keys , then you need to generate one. If your gpg version is over 2.1.17+: run gpg --full-generate-key , else run gpg --gen-key (check your man gpg incase it is not this flag). Remember your passphrase for this key, as you will need it to decrypt the passwords you store. Skip to Step 2 if you already have gpg.

Step 1, GPG: See if you have any gpg keys. If not, check the version of gpg you have and refer to the above on which command to run:

Yes, this is Linux on Windows.

Next, follow the prompts. I personally use and recommend RSA 2048, if you’re into future proofing, then go with 4096:

Be sure to remember your passphrase:

Enter your passphrase twice, be sure to remember this passphrase.

This is what you use to unlock your passwords. The idea here is that you don’t need to remember long complicated passwords, instead you use a simple passphrase to unlock and use it.

Displaying the newly made pub key.

Step 2, Installing pass: Check out passwordstore to see how to download and install it for your system. I use personally use Manjaro and Ubuntu, so it is sudo apt-get install pass and sudo pacman -S pass for me.

Installing pass on Ubuntu package manager
Installing pass on Arch package manager

Pass init: Now you want to hook up that gpg key to your password-store, so run gpg --list-keys , copy pub key (long capital letters and numbers string under pub in the image above), and then run pass init "YOUR_PUB_KEY" .

Once you have your gpg key linked, now you can create your passwords. Create a single password: To add a key, run pass insert FOLDER/CONTENT and then type in your password.

Create multiline passwords: Sometimes you might want to store more than 1 password. Maybe you want to store a user and pass, or a user, pass and API key. Pass is able to do that with pass -m insert Folder/content:

You can store pretty much anything in multi-line passwords, get creative.

Access your password: You can run pass -c FOLDER/CONTENT and type in your passphrase. The -c flag copies your password to your clipboard for 45 seconds, then erases it from your clipboard.

Copy to clipboard on Linux.

You will need to pipe clip.exe on WSL instead of using the -c flag in order to copy your password to your clipboard on Windows.

Copy to clipboard on WSL.

Remove a password: You can use the rm method to remove a pass file, just enter which Folder/application you want to remove:

The folder system should be easy to visualize, but you can see below to try to imagine it better:

/home/user/
|___.password-store
| |______Email
| | |______job
| | |______personal
| |
| |______Facebook
| | |______main
| | |______mydog

Some automation: You can use this Python script below (also on my Github) to access pass and output your passwords to other scripts without hardcoding sensitive credentials in your code:

#/usr/bin/env python3
import subprocess
def run_pass(target=None):
"""run_pass
Args:
target (str): The folder/application in your Password Store
Returns:
result (str) or (list): If multiline, returns the list of password values, if single password, returns the str of your password
"""
result = None
if target and target != []:
proc = subprocess.Popen("pass {}".format(target), shell=True, stdout=subprocess.PIPE)
output = proc.communicate()[0]
result = output.decode("utf-8").strip().split()
if result and len(result) == 1:
return result[0] # This returns a str if single password
else:
return result # This returns a list if multilined
if __name__ == "__main__":
target = "Email/job"
password = run_pass(target)

Now the password variable contains the password for Email/job , and you are able to fill it into any automation script you have. You can also store API keys, security phrases, or your grocery shopping list, whatever you want. This article doesn’t cover everything about pass and gpg , but definitely take a look at their documentation for more details if you are interested in doing more with these tools.


Check out my Github repo for my personal Linux scripts for automation and dotfiles. Follow my Medium for more Linux based articles, tech life in Japan coming soon. Twitter for occasional tweets about randomness or life in Japan.

Derrick Gee

Written by

Software Engineer | Linux Love | Cat Love | https://github.com/kai-dg

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade