posix password manager 🔒
Go to file
2023-05-13 01:00:40 -04:00
LICENSE Initial commit 2023-05-13 01:00:40 -04:00
pass Initial commit 2023-05-13 01:00:40 -04:00
README.md Initial commit 2023-05-13 01:00:40 -04:00

pass

posix password manager

A very simple password manager that keeps passwords inside gpg encrypted files inside a simple directory tree.

Similar to password-store, but written in POSIX compliant shell script instead of bash.

Requirements

Optional Requirements
  • nano (required only if environment variable $EDITOR is not set)
  • dmenu (required for menu)
  • pinentry-dmenu (required for menu)
  • xclip (required for menu to copy passwords)
  • xdotool (required for menu to type passwords)
  • oath-toolit (required for 2FA)

Config

Edit the source code to change these settings:

Setting Description
GPG_ID Default GPG key ID to use for encrypting/decrypting
GPG_OPTS Do not edit this unless you know what you are doing
METHOD Method used for the menu ("copy" will use xclip to copy passwords & "type" will use xdotool to type passwords)
PASS_DIR Directory to store all password information

Usage

Command Description
pass Display a directory tree of stored passwords
pass <path> Display password information for <path> or a directory tree of stored passwords if <path> is a directory
pass menu Use pass in dmenu (Selected line is copied to the clipboard or typed out depending on the METHOD used)
pass edit <path> Display stored password information for <path>
pass gen <len> Generate a random password that is <len> characters long
pass otp <path> Return a 2-Factor-Authenticaion code for <path> (Last line of <path> must be a valid otpauth:// URI)
Note

<path> is not a direct path per-say. If the password is stored in $PASS_DIR/www/github.gpg all you have to put is www/github for <path>

When using the menu, the clipboard is cleared after 3 seconds or passwords are typed after 3 seconds, depending on what METHOD you set in the config.

For setting up 2FA, you can download the QR code image & use zbar to convert it to a string to get a valid URI.

Pinentry Setup

To keep everything in the command line, make sure you edit your $HOME/.gnupg/gpg-agent.conf to include pinentry-program /usr/bin/pinentry-curses

If you plan on using the menu features, pinentry-dmenu will allow you to enter your GPG key password inside of dmenu, but in order to do that you will need to create a wrapper for pinetry at $HOME/.gnupg/pinentry-wrapper:

if [ "$PINENTRY_USER_DATA" = "dmenu" ]; then
    exec /usr/local/bin/pinentry-dmenu "$@"
else
    exec /usr/bin/pinentry-curses "$@"
fi

Make it executable with chmod +x $HOME/.gnupg/pinentry-wrapper and then edit your $HOME/.gnupg/gpg-agent.conf to include pinentry-program $HOME/.gnupg/pinentry-wrapper.

Mirrors