Skip to content

๐Ÿ”‘ YubiKey-sealed Secrets-as-Code for git.

License

Notifications You must be signed in to change notification settings

mihaigalos/pass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

pass

YubiKey-sealed Secrets-as-Code for git.

pass runs in the command line.

example

Why?

Online password managers have already reached maturity, however git can be used to store encrypted passwords and files just fine.

The i.e. GitHub repo containing them can be private.

How?

Leveraging age, one can use private-public keypairs for encryption of data for multiple such keys (recipients).

The private part is directly storeable on a YubiKey. Users are asked for a PIN for additional security.

Installation

OS: Linux.

Prerequisites:

  • just in $PATH.
  • Run just install <your secrets repo>.

Usage

$ just pass add mysecretname # Asks for a password, encrypts it to a file "mysecretname" and commit+pushes it to the secrets repository.
$ just pass add_file $(realpath mysecretfile) # Encrypts the given file (needs full path) and commit+pushes it to the secrets repository.
$ just pass mysecretname # Decrypts the secret file "mysecretname".
$ just pass list # list all known passwords. Feeds to fzf if installed.

Additionally, you can set an alias to get access to the functionality from any path in the shell:

$ echo 'alias pass="just --justfile ~/git/pass/Justfile pass"' >> ~/.bashrc
$ pass mysecretname # Prints the secret

Randompass

If you wish, you can generate a new random password directly:

$ just pass random mysecretname

And of course you can use it with the above alias:

$ pass random mysecretname # Encrypts a random password to a mysecretname and commit+pushes to the secrets repository.
$ pass mysecretname # Prints the secret.

If xclip is installed, the contents of the random password are automatically placed in the clipboard.

Acknowledgements

pass is just a thin wrapper around the following awesome technologies:

About

๐Ÿ”‘ YubiKey-sealed Secrets-as-Code for git.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published