Summarizing the instructions of the pass
tool (as seen on its website).
Execute: $ sudo apt install pass
Execute: $ gpg --full-generate-key
After following the instructions in the prompts, you can execute $ gpg --list-key
to make sure that it was created correctly. Make note of the uid phrase you chose - you'll need it to initialize your password store.
Execute $ pass init [GPG UID]
to initialize the password store - where "GPG UID" is the uid stored from above. This will create the ~/.password-store
directory, where all of your passwords will be stored.
Start by creating a new (local) git repository under the ~/.password-store
directory by executing:
$ pass git init
If you'd like to pair this repo with an existing one, execute the following:
$ pass git remote add origin [GIT URL]
$ cd ~/.password-store
$ git fetch -p
$ git branch password-store
$ git push origin password-store
Keep in mind that everytime you execute a pass
command, it will create a new (local) commit inside the ~/.password-store
directory - within whatever branch is being pointed at at the moment. You can then execute the following to push the commits to the server:
$ pass git push
Execute $ pass insert [OPTIONAL DIR]/[FILENAME]
, where:
- OPTIONAL DIR is an optional directory name to provide a file structure for your password store.
- FILENAME is the filename that
pass
will use to store the password.
You can then execute $ pass [OPTIONAL DIR]/[FILENAME]
to display the password for the provided filename.
Execute the following to replace the password in FILANAME:
$ pass generate --in-place FILENAME 30
To use the same git repo with all of your passwords in a different machine, you'll need to export/import the GPG key pair used to generate/insert the passwords.
-
Export the GPG key pair on the original machine by executing:
$ gpg --export [GPG ID] > public.key $ gpg --export-secret-key [GPG ID] > private.key
-
Copy the key pair to the secondary machine(s) you wish to use.
-
Import the pair in the new machine(s) by executing:
$ gpg --import public.key $ gpg --import private.key
-
Set the trust permissions on the new key pair by executing:
$ gpg --edit-key [GPG ID] $ gpg> trust $ [follow the prompts] $ gpg> quit