Skip to main content
OuterRealm
  1. Posts/

Pass: The Standard Unix Password Manager

·3 mins·
Security Cli Tools Security Linux Password Manager Gpg
Table of Contents

Introduction
#

In a world dominated by complex password requirements and increasing cyber threats, managing credentials securely and simply is critical. Enter Pass, the standard Unix password manager. It’s lightweight, command-line-driven, and relies on tried-and-true tools: GPG for encryption and Git for version control.

Pass adheres to the Unix philosophy: do one thing well. It stores each password in its own GPG-encrypted file, making it both secure and manageable with familiar tools.

Installation
#

To get started, install Pass and GPG:

# Debian/Ubuntu
sudo apt install pass gnupg

# Fedora
sudo dnf install pass gnupg

# Arch Linux
sudo pacman -S pass gnupg

# macOS (Homebrew)
brew install pass gpg

Initial Setup
#

Before using Pass, ensure you have a GPG key:

gpg --full-generate-key

Then initialize Pass with your GPG key ID or email:

pass init "Your Name <you@example.com>"

Basic Usage
#

Add a Password
# 

pass insert email/gmail

It will prompt you to type and confirm the password. You can also pipe input:

echo "MyS3cretP@ss" | pass insert email/gmail

Retrieve a Password
# 

pass email/gmail

Copy a Password to Clipboard (auto-clears after 45s)
# 

pass -c email/gmail

Remove a Password
# 

pass rm email/gmail

List Stored Passwords
# 

pass ls

Advanced Usage
#

Organize into Folders
# 

pass insert work/github
pass insert personal/bank

This keeps things tidy using a tree-like structure.

Sync with Git
#

Initialize a Git repo to keep your password store versioned and backed up.

cd ~/.password-store
git init
git remote add origin git@yourserver.com:password-store.git
git add .
git commit -m "Initial commit"
git push -u origin master

Use Multiple GPG Keys
#

You can encrypt the store for multiple recipients:

pass init "user1@example.com" "user2@example.com"

Automatically Generate Passwords
# 

pass generate social/twitter 20

This generates a 20-character random password and saves it.

Edit Encrypted Passwords
# 

pass edit personal/bank

Opens the file in $EDITOR for advanced entries like username, URL, or notes.

Search Passwords
# 

pass grep bank

Find entries containing the word “bank”.

Pros and Cons
#

✅ Pros
#

  • Simple & Unix-friendly: Pure CLI, scriptable, and integrates with other Unix tools.
  • Secure: Uses GPG for encryption.
  • Portable: Stores plain files — easy to move, sync, and backup.
  • Version Controlled: Works seamlessly with Git.
  • Flexible: Supports multiple identities, folders, and password templates.

❌ Cons
#

  • Command-line only: May intimidate users unfamiliar with CLI.
  • GPG complexity: Key management can be a hurdle.
  • No built-in password sharing: Requires manual Git or sync setup.
  • No browser integration by default: Requires third-party extensions or scripts.

Final Thoughts
#

If you’re comfortable with the terminal and value simplicity, control, and security, Pass is a rock-solid password manager. It avoids the bloat of modern GUI tools while giving you full transparency over your credentials. With Git and GPG, you get secure, auditable, and versioned password storage — the Unix way.

Happy scripting — and stay secure!

Related

Tomb: A Simple and Secure Linux Encryption Tool
·3 mins
Security Tools Encryption Linux Security Privacy Tomb
Ranger: A Terminal-Based File Manager You’ll Love
·2 mins
Tools Linux Terminal File Manager Linux Cli Productivity
Rsync: Powerful File Transfer and Synchronization Tool
·2 mins
Tools How-To Linux Rsync Backup File-Transfer Cli Tutorial
Top 10 Secure Messaging Platforms Compared
·3 mins
Messaging Security Privacy FOSS Encryption