Jon Brookes
2025-02-04
Setting up a dedicated Git repository is, I believe, key and fundamental to taking ownership of your credentials / access control documentation with pass for Linux.
Setting up a git repository server gives us an easy-to-follow guide to creating this; the following refers to that repository as vault.git.
In this example, we use an addition to pass: git-remote-gcrypt, a plugin that encrypts the contents of the repository, protecting the metadata, that is, the key names that are stored within pass.
Installing pass and its prerequisites on a Linux system can be done with:
sudo apt install git-remote-gcrypt pass gpg
For future reference, a method of copying things to the clipboard on Linux, which can be useful if you think there are shoulder surfers, is:
cat sec_key.txt | xsel --clipboard --input
where sec_key.txt is something you don't want others to see but need to paste into a secure web page.
Otherwise, to start using pass for command-line passwords, we need to import a GPG key on the target system that needs to use pass:
gpg --import sec.txt
gpg --edit-key <NAME OF KEY>
followed by typing trust and 5 for ultimate.
pass init [GPG key name here]
pass git init
pass git config pull.rebase false
pass git remote add origin gcrypt::git@HOST_RUNNING_GIT:/srv/git/PASSWORD_REPO.git
pass git pull --set-upstream origin main --allow-unrelated-histories
pass git branch -m master main
Type pass to list any passwords we already have in our password repository.
I have found that running a git status can lead to there being files that are not added initially, while the local and remote have not yet synced properly, so
pass git add .
pass git commit
can sort this out.
To save any changes to the remote repo:
pass git push --set-upstream origin main
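As an added example (not from the original post): a check to run before pass git push that reads the store's `git remote -v` listing and flags any fetch or push URL lacking the gcrypt:: prefix, since such a remote would receive the entry names in readable form. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names are illustrative.

# audit_remotes: reads `git remote -v` output on stdin.
# Prints each remote line whose URL does not start with "gcrypt::".
# Returns 0 if every URL uses gcrypt, 1 if any does not, 2 if no remotes exist.
audit_remotes() {
    bad=0
    seen=0
    # "|| [ -n "$name" ]" keeps a final line that lacks a trailing newline.
    while read -r name url kind || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        seen=1
        case "$url" in
            gcrypt::*) ;;   # goes through git-remote-gcrypt
            *) printf 'NOT ENCRYPTED: %s %s %s\n' "$name" "$url" "$kind"
               bad=1 ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo 'no remotes configured'
        return 2
    fi
    return "$bad"
}

# check_store: audits the real password store (needs pass and git installed).
check_store() {
    pass git remote -v | audit_remotes
}

# sample_remotes: constructed listing in which the push URL was overridden
# without the gcrypt:: prefix while the fetch URL is correct.
sample_remotes() {
    printf 'origin\tgcrypt::git@HOST_RUNNING_GIT:/srv/git/PASSWORD_REPO.git (fetch)\n'
    printf 'origin\tgit@HOST_RUNNING_GIT:/srv/git/PASSWORD_REPO.git (push)\n'
}

# Demo on the constructed listing; on a real system call check_store instead.
if sample_remotes | audit_remotes; then
    echo 'all remotes use gcrypt'
else
    echo 'do not push until the remote URL is corrected'
fi
```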
Typing pass [name of a key] will print out the key(s) that are available, and tab completion works too, so this is an easy way to navigate a pass vault.
If you find this of interest, this missive: use-of-pass-for-security-classification is a follow-up to this theme.