Pass store linux
I have been a long time user of the pass password manager on my laptop for managing my passwords. I have known about its potential for integration to git for a long time which would allow easy syncing and pulling of the password store to other host machines.
This blog post explains how I went about it, shout out to this post on medium that helped me through the process.
Why a password manager?
Password managers make it easier to store, create and use passwords on your system. If you want to be able to get away from using the same couple of passwords for everything (which you should), then a password manager can help with doing so.
Whilst there are many "cloud" password managers, these can be compromised leaving all your passwords potentially at risk. I therefor decided it would be a good idea to have my password manager as a local one. There are quite a few available, but if you are using GNU/Linux or a Unix-like operating system, pass is the go to. It is a relatively simple program that utilises
git. We therefor need to ensure we have both those programs installed and configured.
gpg utilises public-key cryptography to encrypt and decrypt things. To use
pass we need to create a
Use the default key type but potentially use 4096 for the bit length. Ensure you use your proper name and e-mail, as this will be used to reference the key later.
Initialising a new
pass store is as simple as running the following with the e-mail you used to set up your
pass init firstname.lastname@example.org
At this point you could just start using
pass and its relevant commands to manage your passwords, if however, you want to utilise
git to be able to easily update and share your store you have to initialise it like so:
pass git init
In order to do this, you obviously need a server. If you have one ssh into it and ensure git is installed. Once done you can add a new user to store the bare repository we will create in their home directory.
sudo adduser pass
In order to be able to log in to the remote server it is advisable to use a ssh key pair. On the local machine generate a key:
ssh-keygen -t rsa ssh-copy-id pass@your-server-ip
You should be able to
ssh into the server without the use of a password after this.
Back on the server we need to create the aforementioned bare git repo:
git init --bare pass-repo
Finally, on the local machine setup the remote for your git repo:
pass git remote add origin ssh://pass@your-server-ip:/home/pass/pass-repo
You may also have to set the upstream origin:
pass git push --set-upstream origin master
Accessing the store on another host
In order to access the pass store on another machine, you will need to export your private gpg key.
gpg --export-secret-keys > secret.gpg
DO NOT PUT THIS ANYWHERE WHERE IT WILL BE PUBLICLY ACCESSIBLE, this would allow anyone to access all your passwords.
gpg are installed on the new machine and import the secret key:
gpg --import /path/to/key.gpg
Once this is imported you can get your password store by cloning it:
git clone ssh://pass@your-server-ip:/home/pass/pass-repo
And there you go, all your passwords available on another machine!