Recently I decided to start using a password manager, as I’ve found myself caring more and more about security lately. Like many others I had the bad habit of using the same few passwords across many sites, and the multitude of security breaches and password dumps we’ve seen this year (I’m pretty sure you could find my old DropBox password in there if you looked hard enough) has motivated me to correct that. So I’ve taken it upon myself to “up my game” and practice what my good friend Jason Crosby preaches (it turns out he isn’t just a crazy old sysadmin).

A quick side note about this guide

I assume in this guide that you’re running Linux, Mac, BSD, or some other Unix-like system with bash or a comparable shell. On Windows I have no idea how to set all this up. There is a Windows client for password-store that I can attest works quite well, but I already had my password store set up with a git repo etc. before I tried using it.

So what is a password manager?

Some of you may be wondering what a password manager is, and I don’t blame you. A password manager is a piece of software that stores your passwords in encrypted form and ties each one to a specific website so you don’t have to remember them. The benefit is that you can then use very complex passwords that are unique to each site, so a breach at any one site gives an attacker nothing they can use to get into your other accounts, while the complexity of the passwords will thwart most if not all attempts to even recover the password for the breached site. You also get the convenience of only needing to remember one password, the “master password” that unlocks all of the other randomized passwords.

There are a lot of password managers out there to try, some that cost money and some that don’t, and unfortunately none of the hosted options are immune to security breaches themselves. This led me to look for a self-hosted solution that was simple to understand and flexible, so that if it did get breached it was at least my own fault and hadn’t cost me any money. This is when I stumbled upon pass.

What is pass?

Stealing from the password-store website:

pass makes managing individual password files extremely easy. All passwords live in ~/.password-store, and pass provides some nice commands for adding, editing, generating, and retrieving passwords. It is a very short and simple shell script. It’s capable of temporarily putting passwords on your clipboard and tracking password changes using git.

The important thing to note is that it’s based on the Unix philosophy and is a command line tool, which means that it’s simple to grok and easy to extend.

Pass itself is little more than a set of scripts wrapping gpg and git, but to me that is its strength, because those are tools I’m already familiar with. Enough rambling, however; let’s get to the guide.