Linux Pass: A Text-Based Password Manager
Linux servers typically don’t tend to install with GUIs. A command line is faster.
But when you have no GUIs to rely on, what do you do about passwords?
Because this is Linux, there’s always a solution. In this case, the solution is pass, which is a text-based password manager that stores all of your entries in the PGP-encrypted text file, ~/.password-store.
The pass command gives you access to adding, editing, generating, and retrieving your stored passwords and can even temporarily add a password to your clipboard and track password changes with git.
Yeah, pass is handy and it’s something you’re going to want to have at the ready.
I’m going to walk you through the process of installing and using the pass text-based password manager.
What You’ll Need
I’m going to demonstrate this on Ubuntu Server 22.04, but pass is also available for Fedora-based distributions. The only difference is the installation command (which I’ll explain in a bit). You’ll also need a user with sudo privileges for the installation and a PGP key generated and stored on the machine (I’ll explain how to do this as well).
Do note, that pass can also be installed on MacOS via Homebrew.
That’s it. Let’s get pass installed.
Installing Pass
The first step is installing pass. Log in to your Ubuntu server and issue the command:
sudo apt-get install pass -y
If you’re using a Fedora-based machine, that command will be:
sudo dnf install pass -y
Generating Your PGP Key
Next, we need to generate a PGP key that will be used with pass. To do this, go back to the terminal and issue the command:
gpg --gen-key
Answer the required questions to complete the process. One of the questions asked will be to require you to type an email address to associate with the key. You’ll need that email address during the pass setup.
Setting up Pass
With your gpg key at the ready, it’s time to initialize pass with the command:
pass init EMAIL
Where EMAIL is the email address you associated with your PGP key. This will create a new password store and initialize it for the email address.
Using Pass
With everything ready, it’s time to create your first entry into your pass password store. Let’s say you want to add a password for Facebook. To do that, we’re going to not only create an entry for Facebook but also a folder to house Social networking sites. For that, the command would be:
pass insert SOCIAL/Facebook
You’ll be prompted to type a password for the Facebook entry. If you wanted to associate a username with that account, you could do something like this:
pass insert SOCIAL/Facebook/USERNAME
Where USERNAME is the username for the Facebook account in question.
When you want to view the password for the account, issue the command:
pass show SOCIAL/Facebook/USERNAME
To successfully view the password, you’ll have to type the passphrase associated with the GPG key used to initialize the password store.
Let’s say you also want to add an entry for Twitter (aka X) and you want it also stored in the SOCIAL category. For that, the command would be:
pass edit SOCIAL/Twitter/USERNAME
Where USERNAME is the Twitter/X username.
To view the layout of your password store, issue the command:
pass
The results will look something like this:
Password Store ├── APIx │ └── jack └── SOCIAL ├── Facebook │ └──jack ├── Facebook └── Twitter └── jack
You can also use pass to generate random passwords (which can then be used to create new entries). Let’s say you’re creating a new user account for Twitter/X and you want to generate a 12-character random password and store it in the password store. To do that, issue the command:
pass generate SOCIAL/Twitter/USERNAME 12
If you issue the pass command, you’ll see that the new entry has been created. Once again, you can view that password with the command:
pass show SOCIAL/Twitter/USERNAME
Once again, where USERNAME is the Twitter/X username.
Integrating Pass with Git
This is a really cool feature for pass, as it can integrate with Git. To do this, you must first set git global configurations like this:
git config --global user.email "EMAIL" git config --global user.name "NAME"
Where EMAIL is your email address and NAME is your name. This will initialize a git repository within your pass password store. This git repository can then be cloned onto other machines, using git, and, as long as you keep the repositories in sync, you’ll always have access to your updated passwords.
If you’ve ever needed a command line password manager, pass is what you need. Once you get the hang of how it’s used, you’ll find it to be an outstanding option for those machines that don’t include a GUI but still need the convenience of a password manager.
