Pass for Ubuntu

It’s rather inconvenient to memorize passwords or to keep them written in a little notebook. This is where password managers come in. A password manager is a piece of software that manages passwords. There are various types of password managers: some store passwords online, while others are installed locally. In this tutorial, we will learn about pass, a password manager available for Ubuntu.

Pass is a free and open-source command-line interface password manager for Mac OS, Linux, and Unix systems. Pass can store, retrieve, generate and synchronize passwords. It encrypts passwords using GnuPG and stores them inside a directory tree located at ~/.password-store. This password-store can be manipulated using simple commands. More information can be found at https://www.passwordstore.org.

To install it:

sudo apt-get install pass -y

Generate GPG Key

First, we need to generate the gpg-id. To do so, run the following:

gpg --full-generate-key

The prompt will ask you to enter information such as name and email. Enter them. Once done, type “o” and press enter. When you do so, you’ll get a pop-up asking you to enter a password. Here, enter a master password. Once everything is done, the system will print out the GPG key ID. Make a note of it: you will need it for the next step.

Initialize Pass

Before any other commands can be passed to the utility, you must first initialize it using the following:

kalyani@hacker:~$ pass init <gpg-id>

Ex:

kalyani@hacker:~$ pass init DFFB0O3C33275D77

Here, the GPG id that you collected in the previous step must be entered as the gpg-id. This gpg-id will be stored at ~/.password-store/.gpg-id.

General Usage

The general usage is as follows:

pass [COMMAND] [OPTIONS] [ARGS]

If you do not specify a command, the show or ls command is run by default. Commands include: init, ls, grep, find, show, insert, edit, generate, rm, mv, cp, git, help, and version.

Insert a New Password

The next thing we might want to do is to insert a new password into the password manager:

kalyani@hacker:~$ pass insert <folder/sub-folder/email or website>

Ex:

kalyani@hacker:~$ pass insert Email/neverendingstorywhite2@gmail.com

Ex:

kalyani@hacker:~$ pass insert Website/amazon.ca

At this point, you’ll be asked to enter the password, so enter it.

Here, of course, you can create directories and sub-directories. For example, you can create a folder called Email, and another called Websites, then create a sub-folder within Email – one for Yandex, and one for Gmail (for example). In all cases, we use the insert command to create the password tree.

List

You can then list the passwords using the pass command:

kalyani@hacker:~$ pass

The pass command, when run alone, prints a directory tree/map of the password store. It will display both folders and the available emails and websites that you’ve created. In my case, I’ve created two folders – one called email and one called website. Within each folder, I put a single file. In order to see everything, you can either type pass or pass show. Both commands will show the directory map.

Find Passwords in Password-store

You can also search for terms in the password-store. For example, in my case, I have an email and a website stored within the password store. If I wanted to look for all of my mail, for example, I can search for them using the find command:

pass find <search term>

Ex:

pass find .ca

The latter would chuck out the email addresses and/or the websites stored within pass that end with a “.ca”. In my case, I have a single file with a “.ca”, and so it would chuck out that file (amazon.ca).

Move a Password File

Another function that is integrated into the Pass Password manager is the mv or move command. It allows you to move files around from one directory to another.

pass mv <original location> <new location>

Ex:

pass mv Email/amazon.ca Website/amazon.ca

The latter would move the amazon.ca file in the Email folder to the Website folder.

Retrieve Passwords

Now, the next thing you might want to do is to retrieve the password. In order to retrieve the password, type the following:

kalyani@hacker:~$ pass <folder/sub-folder/email or website>

Ex:

kalyani@hacker:~$ pass Email/neverendingstorywhite2@gmail.com

The latter will generate a prompt where you have to enter the master password. Once the master password has been entered, you should be able to view the password for the site in plain text.

Generate Passwords

Further, you can also generate passwords using the generate command.

kalyani@hacker:~$ pass generate <folder/sub-folder/email or website> <password character length>

Ex:

kalyani@hacker:~$ pass generate Email/fakeemail2@gmail.com 8

Here, after the generate command, you can enter the folder and email or website for which this password will be generated. After that, you can enter the number of characters that this password will be in length. In the example above, I have asked pass to generate a password of 8 characters in length for fakeemail2@gmail.com which will be dumped in the Email folder.

Remove Password

Lastly, to remove a password from the password store:

kalyani@hacker:~$ pass rm <folder/sub-folder/email or website>

Ex:

kalyani@hacker:~$ pass rm Email/fakeemail2@gmail.com

The remove command also works here in place of rm. In order to remove the password from the password-store, a full path must be specified.

Important Files and Folders

All passwords are stored within the ~/.password-store folder. This is the default password storage directory. Further, within this folder, the ID of the GPG key used for encryption/decryption is recorded in a hidden file called .gpg-id located at ~/.password-store/.gpg-id. Lastly, extensions are found within ~/.password-store/.extensions.

In my case, the password-store was located at /home/kalyani/.password-store. The next time you want to do anything to your password, you have to navigate to the password-store directory, and from there, you can perform all commands. Please note that nothing should be stored as plain text. All your information should, in theory, if properly configured, be encrypted and carry a .gpg extension.
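
One way to check that last point, as an added example that is not part of the original tutorial or of pass itself: the shell functions below walk a store and report any entry that is not a .gpg file, any .gpg file that does not start like OpenPGP data, a missing .gpg-id, and a store directory that group or others can access. The function names and finding labels are hypothetical; PASSWORD_STORE_DIR is the environment variable pass reads to relocate the store.

```shell
#!/usr/bin/env bash
# Added example: audit a pass store for anything that is not GnuPG-encrypted.
# scan_store, audit_store and the finding labels are hypothetical names.

scan_store() {
    store=$1
    # pass init records the recipient key ID(s) in .gpg-id.
    [ -s "$store/.gpg-id" ] || echo "NO-GPG-ID $store/.gpg-id"
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$store" | cut -c5-10)" = "------" ] || echo "LOOSE-PERMS $store"
    # Walk entries, skipping git metadata, extensions and pass's own dotfiles.
    find "$store" \( -name .git -o -name .extensions \) -prune -o \
        -type f ! -name .gpg-id ! -name .gitattributes -print |
    while IFS= read -r f; do
        case $f in
            *.gpg) ;;
            *) echo "PLAINTEXT $f"; continue ;;
        esac
        # A binary OpenPGP packet starts with a byte >= 0x80 (128); armored
        # output starts with the BEGIN PGP MESSAGE line instead.
        first=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
        if [ "${first:-0}" -lt 128 ] &&
           ! head -n 1 "$f" | grep -q '^-----BEGIN PGP MESSAGE-----'; then
            echo "NOT-OPENPGP $f"
        fi
    done
}

# Exit status: 0 = clean, 1 = findings printed, 2 = no store directory.
audit_store() {
    store=${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}
    [ -d "$store" ] || { echo "no store at $store" >&2; return 2; }
    report=$(scan_store "$store")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Source the file and run audit_store with no argument to check the default store, or pass a directory to check a copy or a backup.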

Remembering a dozen different passwords to a dozen different sites is not feasible. Writing down all said passwords in a notebook, and storing the notebook in a safe place is not practical. In such cases, as dangerous as it may seem, we have to lock away our passwords on our systems themselves. On Ubuntu, we need a package that is free, open source, and safe. Pass is one such package. In this tutorial, we learned to insert, remove, list, generate, move, find and retrieve passwords using Pass. Pass is indeed a simple yet powerful package.

Happy Coding!

About the author

Kalyani Rajalingham

I'm a Linux and code lover.