Password Mangement with pass
Pass is a unix password manager Pass. It is a command line utility that helps manage your passwords.
Up until now I never really felt the need for a password manager. But with the complex constraints placed on users while setting up an account on websites, it is starting to dawn upon me to use a password manager. Especially for websites that I don’t login/visit quite often. I always have to play this guessing/memory game of whether the password on a particular site enforced a caps character or a special character or a numeric or some combination of 2 of them or all of them! Now I can surely in few attempts get the password but then again by the time I attempt to get the password right I would have locked myself up for too many incorrect attempts. And then I won’t be able to reuse the same passsword because the system won’t allow me to use password that I used in the last 1 year or 6 months. As a result I will come with a new password that I won’t actually be able to commit to my memory because I don’t visit that site that often and this will turn into a viscious circle and a huge time sink.
While browsing the archlinux applications page I came across ‘Pass’. It appealed to me pretty quickly. It stores the password locally and is a command line utility. The password isn’t stored in plain text(like some of the other command line utilities I have tried in the past and given up on). Its been only what like 10 minutes since I set it up, so I might revisit this post to add my thoughts after I have used for consideribaly longer period of time. But in the 10 minutes that I have used it, I really like it. I am in the process of storing the passwords from firefox to this utility.
The missing manual for setting up
The installation of pass was quite straight forward
pacman -S pass. But then the initial setup wasn’t as straight forward as mentioned on the website.
If you followed the website then, the next step after installing is running
pass init "<name for pass store>"
pass insert <nameofwebsite>/<account_name/email>
Which will prompt you to enter the password. But doing that resulted in following error on my arch machine.
gpg: Password store: skipped: No public key
gpg: [stdin]: encryption failed: No public key
Password encryption aborted.
So to solve this problem I had to perform the following operations:
- Create a gpg key
$ gpg --full-gen-key
I use the defaults for most of the options that was prompted.
- Export the key
$ gpg --export-secret-keys > ~/keyfile
- Import it in gpg2.
$ gpg2 --import ~/keyfile
this will print a keyname to prompt.
- Edit the key to set the trust level for the key
$ gpg2 --edit-key "<Keyname>"
use the keyname from the prompt that printed from running the previous command. You can also use
$ gpg --list-keys to get the keyname.
After typing the above command it will take to you gpg shell/command kind of environment.
Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y
- Lastly run
$ pass init <gpg_keyname>
Hopefully after this you should be able to insert in all the passwords without any problem :).
Stackexchange links that helped solve my problem: Link1 & Link2