Pass store linux
I have been a long-time user of the pass password manager on my laptop for managing my passwords. I have known for a long time about its potential for integration with git, which would allow easy syncing and pulling of the password store to other host machines.
This blog post explains how I went about it. Shout out to this post on Medium that helped me through the process.
Why a password manager?
Password managers make it easier to store, create and use passwords on your system. If you want to be able to get away from using the same couple of passwords for everything (which you should), then a password manager can help with doing so.
Whilst there are many "cloud" password managers, these can be compromised, leaving all your passwords potentially at risk. I therefore decided it would be a good idea to have my password manager as a local one. There are quite a few available, but if you are using GNU/Linux or a Unix-like operating system, pass is the go-to. It is a relatively simple program that utilises gpg and git. We therefore need to ensure we have both those programs installed and configured.
Setting up gpg
gpg utilises public-key cryptography to encrypt and decrypt things. To use pass we need to create a gpg key:
gpg --full-gen-key
Use the default key type but potentially use 4096 for the bit length. Ensure you use your proper name and e-mail, as this will be used to reference the key later.
Setting up pass
Initialising a new pass store is as simple as running the following with the e-mail you used to set up your gpg key:
pass init youre-mail@domain.com
At this point you could just start using pass and its relevant commands to manage your passwords. If, however, you want to utilise git to be able to easily update and share your store, you have to initialise it like so:
pass git init
Using git remotely
In order to do this, you obviously need a server. If you have one, ssh into it and ensure git is installed. Once done, you can add a new user whose home directory will hold the bare repository we will create.
sudo adduser pass
In order to be able to log in to the remote server it is advisable to use an ssh key pair. On the local machine generate a key and copy it to the server:
ssh-keygen -t rsa
ssh-copy-id pass@your-server-ip
You should be able to ssh into the server without the use of a password after this.
Back on the server we need to create the aforementioned bare git repo:
git init --bare pass-repo
Finally, on the local machine set up the remote for your git repo:
pass git remote add origin ssh://pass@your-server-ip:/home/pass/pass-repo
You may also have to set the upstream origin:
pass git push --set-upstream origin master
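pass only encrypts file contents, so anything in the store that is not a real .gpg file reaches the server in the clear once pushed. The following added example (not part of the original post) checks a store for such files before pushing. The names audit_store and make_sample_store are hypothetical, the sample store is constructed, and the first-byte test assumes the binary (non-armored) gpg output that pass writes by default.

```shell
#!/bin/sh
# Added example: audit a pass store before pushing it to a git remote.
# audit_store DIR prints one line per problem and returns non-zero if any exist.
audit_store() {
    store=$1
    problems=0
    # pass reads the recipient key(s) from .gpg-id in the store root.
    if [ ! -s "$store/.gpg-id" ]; then
        echo "missing-gpg-id $store/.gpg-id"
        problems=$((problems + 1))
    fi
    list=$(mktemp)
    # Every file outside .git can end up in the remote repository.
    find "$store" -name .git -prune -o -type f -print > "$list"
    while IFS= read -r f; do
        case "${f##*/}" in
            .gpg-id|.gitattributes) continue ;;
            *.gpg) ;;
            *) echo "not-gpg $f"; problems=$((problems + 1)); continue ;;
        esac
        # Binary OpenPGP data starts with a packet header byte >= 128;
        # ASCII plaintext (and an empty file) does not.
        first=$(od -An -tu1 -N1 "$f" | tr -d ' \n')
        if [ -z "$first" ] || [ "$first" -lt 128 ]; then
            echo "plaintext-suspect $f"
            problems=$((problems + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$problems" -eq 0 ]
}

# Constructed sample store: one good entry, one plaintext file misnamed .gpg,
# and one stray notes file that was never encrypted.
make_sample_store() {
    d=$(mktemp -d)
    mkdir -p "$d/email" "$d/.git"
    echo "ref: refs/heads/master" > "$d/.git/HEAD"
    echo "youre-mail@domain.com" > "$d/.gpg-id"
    printf '\205\001\014constructed' > "$d/email/work.gpg"   # fake OpenPGP header
    echo "hunter2" > "$d/email/leak.gpg"                      # plaintext
    echo "recovery codes" > "$d/notes.txt"                    # not a .gpg file
    echo "$d"
}

sample=$(make_sample_store)
audit_store "$sample" || echo "fix the files listed above before: pass git push"
rm -rf "$sample"
```

Run audit_store ~/.password-store before pass git push. Entry names and the directory layout are not encrypted either, so keep them non-sensitive.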
Accessing the store on another host
In order to access the pass store on another machine, you will need to export your private gpg key.
gpg --export-secret-keys > secret.gpg
DO NOT PUT THIS ANYWHERE WHERE IT WILL BE PUBLICLY ACCESSIBLE; this would allow anyone to access all your passwords.
Ensure git, pass and gpg are installed on the new machine and import the secret key:
gpg --import /path/to/secret.gpg
Once this is imported you can get your password store by cloning it into ~/.password-store, where pass looks for the store by default:
git clone ssh://pass@your-server-ip:/home/pass/pass-repo ~/.password-store
And there you go, all your passwords available on another machine!