Clever uses of pass, the Unix password manager

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • passforios

    Pass for iOS - an iOS client compatible with Pass command line application.

  • Sadly no yubikey support though - https://github.com/mssun/passforios/issues/42

  • gopass

    The slightly more awesome standard unix password manager for teams

  • The stdout from `pass` is awful, even for copy-pasting. OTOH, gopass [1], an otherwise 100% compatible drop-in replacement does the job much better and has some neat collaborative features as well.

    [1] https://github.com/gopasspw/gopass

  • lastpass-cli

    LastPass command line interface tool

  • FYI for those interested in CLI password management, there is a pretty good CLI for LastPass called lpass that even supports your Yubikeys.

    https://github.com/lastpass/lastpass-cli

  • pass-import

    A pass extension for importing data from most existing password managers

  • There is a pass import plugin allowing you to import Bitwarden CSV

    https://github.com/roddhjav/pass-import

    Maybe you can "bridge it" with bitwarden-cli via some export/import commands, or may as well use bitwarden-cli directly (but I find the pass UI much better than the bw CLI command)

  • Android-Password-Store

    Discontinued Android application compatible with ZX2C4's Pass command line application [Moved to: https://github.com/android-password-store/Android-Password-Store] (by zeapo)

  • systemd

    The systemd System and Service Manager

  • You can do this by mounting procfs with the hidepid= option. But it breaks systemd when enabled system-wide: https://github.com/systemd/systemd/issues/12955

    Individual units can opt-in to this behaviour with the ProtectProc= option though. But I don't think there's currently a good way to apply it to users' interactive processes.

  • pass-otp

    A pass extension for managing one-time-password (OTP) tokens

  • I also use this for OTP tokens instead of my phone!

    https://github.com/tadfisher/pass-otp

  • hunter2

    The "hunter2" password manager is a simple script-oriented password manager. (by rkeene)

  • chezmoi

    Manage your dotfiles across multiple diverse machines, securely.

  • melpa

    Recipes and build machinery for the biggest Emacs package repo

  • I use pass with Emacs, using this package [1], and it's very nicely integrated and useful.

    [1] https://melpa.org/#/pass

  • passage

    Password store and secret manager using age encryption. This is my attempt to replace passwordstore's use of PGP, with age encryption. I am sure there are more elegant ways to accomplish this, but it is working for my purposes. (by chrisswanda)

  • Here's one I have been playing with with success.

    https://github.com/chrisswanda/passage

  • Android-Password-Store

    Android application compatible with ZX2C4's Pass command line application

  • Oh dammit. I have stopped using Gopass and started rewriting pass just for that reason - missing AGE encryption. At least I have learned something new and I feel better while my fuzzy finder UI instead of their TUI. However, big kudos to Gopass team for awesome work and really useful tool.

    Before I start working on next project... Do you recognize any mobile app, which could replace PasswordStore.app for Android but with AGE support?

    [0]: https://github.com/android-password-store/Android-Password-S...

  • docker-credential-helpers

    Programs to keep Docker login credentials safe by storing in platform keystores

  • Docker supports a credential-helper module[0], which supports 4 different backends for fetching the docker registry credentials: osxkeychain, pass, wincred, and secretservice.

    pass lets you use GPG smartcards, and many of those (such as Yubikeys) will let you enforce touch policies for signing/encryption.

    As a combination of both these however, I must touch my Yubikey every time I pull a new docker image.

    Another cool use-case is that I use the terraform-pass-provider to save secrets for my personal terraform project.

    [0]: https://github.com/docker/docker-credential-helpers

  • age-plugin-yubikey

    YubiKey plugin for age

  • yubitouch

    Bash script for setting or clearing touch requirements for cryptographic operations in the OpenPGP application on a YubiKey 4

  • Here's a script that will set that mode, in case you'd like to use it. It prevents someone/malware from being able to use your key after you've unlocked it. For example if you hacked my computer and tried to use it to ssh to another machine you'd be unable because you'd need me to tap the key.

    I'd suggest trying 'on' before 'fix', but then switching to 'fix' for the extra security it provides.

    https://github.com/a-dma/yubitouch

  • pass-tomb

    A pass extension that helps you keep the whole tree of passwords encrypted inside a Tomb.

  • pass-coffin

    A password store extension to hide data inside a signed and encrypted coffin

  • Besides pass-tomb, there's also pass-coffin which doesn't need to rely on a 3k+ line ZSH script. I'll add support for using age and signify in pass-coffin soon.

    https://github.com/ayushnix/pass-coffin

  • rage

    A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.

  • As yepguy mentioned, AGE is simpler. I can also mention a few things:

    - It works smoothly with SSH keys (generated from ssh-keygen), which are perfectly recognized by possibly any developer.

    - No need for external client, such as OpenKeychain for Android or GpgWin/Kleopatra for Windows.

    - Embed-able in Rust[0] and Go[1] (there are libraries), no need to call `gpg --decrypt ...` from the command line.

    - Encrypted files by pass and keys are smaller. I guess it is thanks to elliptic-curve encryption.

    [0]: https://github.com/str4d/rage

    [1]: https://github.com/FiloSottile/age

  • age

    A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
