How I use Unix pass
pass is a Unix password manager application. It saves passwords in plain text files which are encrypted using a gpg key.
From the official website:
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.
I tend to only use one command:
pass name
where “name” is the file name of the password, for example, “amazon”. That command then decrypts the password file for “name” and shows it to me in the CLI.
I do not use the other functionality which comes with it. Whilst pass is capable of creating and generating passwords, I prefer to do that on my own.
To create a new password file, I use a standard text file and save it with no extension. For example, to create a new password file for amazon, I save a text file in the default folder .password-store simply as amazon, then add whatever I need to it. I have no sorting sub-folders; everything gets dropped into the main top folder.
user: me@amazon.com
password: my_amazon_pass
Once saved, I encrypt with GnuPG.
gpg -er secret@my.key amazon
And this is immediately available to pass.
I also find pass extremely portable. For example, I can zip up my entire password store and e-mail it to myself. As all the password files are already encrypted, no one can read them if intercepted. I do this between my desktop and laptop. The key which locks my password files is on both machines and is used exclusively for pass.
Of course, everyone uses a password safe differently and has different needs. For example, others might want to have their passwords available in the browser to auto-fill. I do not — or should I say, I no longer — do this. If I need a password for a website, I retrieve it and either manually type it in, or I copy and paste it into the browser.
I am of the opinion that storing my passwords in a browser is asking for trouble. And so is the use of a fancy, cloud-synced password manager.
If you are on a Nix, consider using pass.