DEV Community


Posted on

Pass: the simple CLI password manager

Do you use a password manager? If not, you should. But which one should you choose? There are a lot out there and a lot of good free ones such as the Keepass (X, XC etc.) or paying versions such as LastPass (edit: free for individuals) or OnePassword. This WIRED article lists some for you.

Today, I'd like to talk about a really cool, simple, perfect for the CLI dwellers like us, password manager: pass

Less is more

Pass is a CLI password manager, this means that unless you use one of the available interfaces, you will only be working in your terminal.

Pass works by using a GPG key to encrypt each passwords and stores the results in a Git repository. This means that backups are insanely easy: git push origin main and that's it!

In the past years, I have been using Keepass and KeepassXC a lot. I did like the way they worked but I was sometimes annoyed to keep a window open all the time for my passwords. Also, used to break my computers very often, I lost a certain amount of passwords over the time.

Pass has the usability of any CLI tool and uses the basics of Bash commands to manage your passwords. It's a dead simple encrypted folder and I have to say that is all I need.


The demo was made on a Linux with gpg-agent installed.

You would initialize your password repo like this (default location: ~/.password-store):

pass init
Enter fullscreen mode Exit fullscreen mode

Then, after signing up for your favorite online service, you can generate or insert a new password:

pass insert # then type your password
pass generate -c Newsletters/awesomeThing 32 # to generate a 32 random password and copy it to the clipboard
Enter fullscreen mode Exit fullscreen mode

After, a couple of days later you can search for your password:

pass search awesomeThing # and when you found the folder then:
pass -c Newsletters/awesomeThing
# here you will need to decrypt your GPG key
Enter fullscreen mode Exit fullscreen mode

Now let's say you want to back all of this on a private Git repo (Github, Gitea, Gitlab...):

pass git remote add origin URL
pass git push 
Enter fullscreen mode Exit fullscreen mode

Each pass command will run the add and commit for you, so you will only have to push to your repo.

Keep in mind that your GPG key is not backed up with your repo. You need to do to that separately.

Do you need to remove a password?

pass rm Newsletters/awesomeThing
Enter fullscreen mode Exit fullscreen mode

Do you need to move a password?

pass mv Newsletters/awesomeThing Videos/awesomeThing
Enter fullscreen mode Exit fullscreen mode

You can also edit, show and cp the passwords.

Ready to make the move? Check out those import scripts on the official website!

Are you ready to use pass? What's your favorite password manager?

Top comments (2)

mafflerbach profile image

I am using pass only, the nice thing is, that you can including them in your bash script. I am using it in every script where I have to pass passwords.

I combined pass with rofi for selection and xdotool to have auto completion.


evilcel3ri profile image

Oh that's pretty neat! I didn't know those tools, xdotools seems like it can solve a number of things I am trying to do!