pass (unix password manager) for beginners
Update mid-2020: Adding pass-otp section
Update 2021-09-15: Overhaul. Removing gpg1 commands.
Hello all, This article will get you started with the unix-style pass Password Manager.
Generate GPG keys
The first step is to generate GPG keys if not done already.
Make sure that you have GnuPG 2 installed. Linux users refer to your package manager, Windows or macOS users, please refer to the Official Webpage.
Note some systems may require you execute
gpg2 instead of just
Start by listing the keys
If you see a key here that you created. Then you might not need to generate a new one. Otherwise start the keygen process:
Here is what you should roughly select:
- Select RSA and make sure the key size is
- Make sure the key never expires.
- Enter a name and email address. This just identifies the key.
- Now type a secure passphrase, Here is some advice from HowToGeek.
Re-run the command to --list-keys. You should now have a key with ultimate trust:
pub rsa4096 2021-09-15 [SC] 3E7744C818B6CDF9D4BA27D2995897280F62CA1E uid [ultimate] John Smith <firstname.lastname@example.org> sub rsa4096 2021-09-15 [E]
You will now want to initialise pass with your public key:
pass init "3E7744C818B6CDF9D4BA27D2995897280F62CA1E"
I generated that key as an example. Don't use it.
Now that everything is setup, follow the examples mentioned on the pass website to begin using.
I hate having to verify my account via a code sent through SMS, it is also insecure that way. The only other alternatives have been with One-time password (otp) apps. I was always under the impression that this was a proprietary mobile app. Turns out any otp application will read the QR codes, and function like a mobile app.
Go to security settings of whatever online service and set up a 2FA app. During the process it should show a QR code, screenshot this. Then using a program called
zbarimg scan the screenshot then pipe into pass otp.
You have two options to add an OTP code into pass. Pick either one:
# Append to an already existing pass file: zbarimg -q --raw qrcode-screenshot.png | pass otp append email@example.com # Create a new pass file with only the OTP code: zbarimg -q --raw qrcode-screenshot.png | pass otp insert firstname.lastname@example.org
Note: I seem to have problems scanning if the background of the QR is transparent, I suggest always using a screenshot to get around this problem!
Now get the code using:
pass otp email@example.com
Note that the code will expire. For maximum efficiency, pipe that last command into a clipboard copy program,
wl-copy depending on if you use X.org or Wayland.