This guide is focused on MacOS but it should work equally well in Linux. Just replace the brew command with your distributions package manager.
Start by installing GPG
# brew install gpg
# gpg --gen-key
# gpg --list-keys
/Users/joe/.gnupg/pubring.kbx
---------------------------
pub rsa3072 2021-04-04 [SC] [expires: 2023-04-04]
ERGF34634ttFERF345DSF65465DRGER47BDBH213
uid [ultimate] Nimpen <nimpen@asbra.nu>
sub rsa3072 2021-04-04 [E] [expires: 2023-04-04]
Next step is to install the pass command
# brew install pass
# pass init ERGF34634ttFERF345DSF65465DRGER47BDBH213
Password store initialized for ERGF34634ttFERF345DSF65465DRGER47BDBH213
Let’s try it out!
# pass insert testar/test
Enter password for testar/test: *********
Retype password for testar/test: *********
The passwords are stored in a directory structure as GPG encrypted files inside your home directory ~/.password-store/
You can run ls ~/.password-store/ or use the built in command to view your files.
# pass
Password Store
`-- testar
`-- test
To view a password, simply run the command with the path:
# pass testar/test
abc123
To generate a secure 30 char password:
# pass generate testar/test2 30
The generated password for testar/test2 is:
arEY,C+u^eTDRb-l+1m}[lKSi')Yfi
Troubleshooting
i’ve had som troubles with the gpg-agent not asking for a password, to remedy this please kill the gpg-agent process.
# kill -9 $(pgrep gpg-agent)
Bonus tracks
Use git for version control
# pass git init
# pass git commit
To use a remote repository
# pass git remote add origin git@github.com:joe/pass-store.git
# pass git push
Moving gpg-key to another server
local# gpg --output pass.gpg --export-secret-keys ERGF34634ttFERF345DSF65465DRGER47BDBH213
remote# gpg --import pass.gpg