Pass: The standard Unix password manager

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • Zigi - Workflow assistant built for devs & their teams
  • SonarLint - Clean code begins in your IDE with SonarLint
  • Scout APM - Truly a developer’s best friend
  • InfluxDB - Build time-series-based applications quickly and at scale.
  • pass-tomb

    A pass extension that helps you keep the whole tree of passwords encrypted inside a Tomb.

  • pass-import

    A pass extension for importing data from most of the existing password manager.

  • Zigi

    Workflow assistant built for devs & their teams. Automate the mundane part of your day, with live actionable messages for your GitHub & Jira tasks.

  • Pass4Win

    Windows version of Pass (http://www.passwordstore.org/)

    I've been using pass for several years now and I recommend it to my friends, but I usually get weird looks when I say I store my passwords in a git repo (it's not as bad as it sounds!). Here's why:

    - I host my git repo on my desktop computer (through SSH), so it's not exposed anywhere except if you have SSH access to my computer. (A lot of people seem to think git = GitHub which is not true).

    - The passwords are GPG encrypted so even if it were leaked that would be okay as long as my secret key remains secure.

    As far as usability goes, I usually use the -c option to copy/paste my passwords. I used a browser extension for awhile, but I haven't gotten around to reinstalling since the copy/paste works fine for me. Syncing with my phone and Linux devices works perfectly (since it's just git).

    The Windows client seems to be no longer maintained [1], so I would like better support here for my Surface. But this is still okay since I can SSH to my desktop computer from Windows and copy/paste the passwords from there.

    [1] https://github.com/mbos/Pass4Win#readme

  • kbs2

    A secret manager backed by age

    I don't use pass myself (I have severe NIH[1]), but its design has inspired me many times over: very, very few tools rise to the challenge of adhering to the Unix philosophy without cargo-culting it, and pass is one of them. I highly recommend that people looking to write engineer-friendly tools study its manpage[2].

    [1]: https://github.com/woodruffw/kbs2

    [2]: https://git.zx2c4.com/password-store/about/

  • OpenKeychain

    OpenKeychain is an OpenPGP implementation for Android.

    The Password Store app delegates key management to another app. I use OpenKeychain [1] for this. I believe OpenKeychain supports Yubikeys, but I haven't used that feature myself so I can't speak about how well it works.

    [1] https://www.openkeychain.org/

  • securestore

    A pass generalisation (by vimist)

    I love the simplicity of Pass, but I wanted just a few more features, like being able to store (and retrieve) extra data easily. Unstructured data below the initial password wasn't really enough for me.

    I ended up taking huge inspiration from Pass, but writing my own implementation[1] with a few more features that increased it's usefulness for my use cases.

    I posted it a while ago on here[2] and Reddit[3], but it basically stores each entry as a Bash script, which gives it so much flexibility: auto-typing, references, multiple fields, executable functions, etc. I also wrote a blog post on it[4].

    I'd be interested to hear what people think of if if anyone did/does end up giving it a go.

    [1]: https://github.com/vimist/securestore

  • prs

    🔐 A secure, fast & convenient password manager CLI using GPG and git to sync.

    I've developed `prs` as `pass` alternative with many annoyances fixed for daily use. It provides automatic syncing between multiple devices through git, supports multiple keys and many other things. It simply uses your existing `pass` store.

    Some might find it useful: https://github.com/timvisee/prs

  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

  • pass-code

    A pass extension that obscures the filenames and folder hierarchy within your password store.

    There's the pass-code extension for that:

    https://github.com/alpernebbi/pass-code

    > A pass extension that obscures the filenames and folder hierarchy within your password store.

    > pass-code generates random filenames for each file in the password store and keeps the mapping in an encrypted file. This way, no valuable information is accessible even if your password store is leaked to the public (unless your GPG private keys were also leaked). Nevertheless, you should always ensure proper protection of your password store.

  • passhole

    A secure hole for your passwords (KeePass CLI)

    I wrote a pass equivalent for KeePass for this very reason [0]. KeePass doesn't leak any metadata because everything is contained in a single file.

    [0]: https://github.com/Evidlo/passhole/

  • Android-Password-Store

    Android application compatible with ZX2C4's Pass command line application

    I'm thinking about adding encrypted file support to my pass wrapper, p, but I've not really found a good argument to support breaking mobile apps (such as https://github.com/android-password-store/Android-Password-S...).

    You'd have to manually look up the entries in a lookup table to resolve obfuscated names back to readable names... Or upstream support for whatever format is devised. I dunno.

  • I'm thinking about adding encrypted file support to my pass wrapper, p, but I've not really found a good argument to support breaking mobile apps (such as https://github.com/android-password-store/Android-Password-S...).

    You'd have to manually look up the entries in a lookup table to resolve obfuscated names back to readable names... Or upstream support for whatever format is devised. I dunno.

  • OkcAgent

    A utility that makes OpenKeychain available in your Termux shell

    [1]: https://github.com/DDoSolitary/OkcAgent

    Simple password decrypt: okc-gpg -d ~/.password-store/mypass.gpg

    I made a termux shortcut (button on homescreen) to emulate pass-dmenu via this ( store in ~/.shortcuts):

      #!/data/data/com.termux/files/usr/bin/env bash

  • gopass

    The slightly more awesome standard unix password manager for teams

    > Integrity - Ensure that only authorized parties are allowed to modify data. gopass makes no attempt at protecting the integrity of a store. However, we plan to do this in the future.

    https://github.com/gopasspw/gopass/blob/master/docs/security...

  • age

    A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

  • pash

    🔒 A simple password manager using GPG written in POSIX sh.

    > It’s secure, because it’s a short bash script

    There is also POSIX sh implementation available that is even shorter: https://github.com/dylanaraps/pash

  • encpass.sh

    Lightweight solution for using encrypted passwords in shell scripts

    We made an extension for encpass.sh that stores secrets in Keybase (https://github.com/plyint/encpass.sh/blob/master/extensions/...) if that sort of thing is of interest to you. Outside of personal secrets, it can be used as a sort of low cost stand in for shared secrets that you might use something like Vault for in a team environment.

  • pass-otp

    A pass extension for managing one-time-password (OTP) tokens

    I use it for 2FA (via https://github.com/tadfisher/pass-otp ) on my OpenMoko (QtMoko). I installed it via apt-get from the normal Debian repos.

  • passage

    An independent reimplementation of password-store, using `age` rather than PGP. NOTE: This isn't the passage project based on password-store. Use that; I don't really maintain this right now. https://github.com/FiloSottile/passage (by somasis)

    I’ve been using Pass for years, and love it.

    Question for HN... is there a project that anyone knows of, that is using Age instead of GPG as the encryption for Pass? I’ve seen a few implementations of it, but nothing I’d use for a daily driver yet.

    Example, not my project - https://github.com/somasis/passage

  • dotfiles

    My personal monorepo: dotfiles, /etc-files, single-file scripts, vim plugins, webexts/userscripts, xmonad config, all that stuff… (by liskin)

    * pre-selection of entries by looking at URL and focused form field

    So in most cases I press a keybinding which invokes passmenu, and then just press enter as the correct entry and field (password/username) is already selected. Quite handy.

    Source here if anyone's interested: https://github.com/liskin/dotfiles/blob/home/bin/passmenu and https://github.com/liskin/dotfiles/blob/home/bin/.passlib

  • passphrase2pgp

    Generate a PGP key from a passphrase

  • Scout APM

    Truly a developer’s best friend. Scout APM is great for developers who want to find and fix performance issues in their applications. With Scout, we'll take care of the bugs so you can focus on building great things 🚀.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts