http://fedoramagazine.org/using-pass-to-manage-your-passwords-on-fedora
At this point, I have more usernames and passwords to juggle than
any person should ever have to deal with. I know I’m not alone, either.
We have a surfeit of passwords to manage, and we need a good way to
manage them so we have easy access without doing something silly like
writing them down where others might find them. Being a fan of simple
apps, I prefer using
It’s never been a good idea to use the same username and password with multiple services, but in today’s world? It’s potentially disasterous. So I don’t. At the moment, I’m juggling something like 90 to 100 passwords for all of the services I use. Multiple Twitter accounts, my server credentials, OpenShift applications, my FAS credentials, sign-in for Rdio, and lots more.
As you might imagine, trying to memorize all of those passwords is an exercise in futility. I remember my system password, and a handful of others. Beyond that? I’d rather save some of my brain’s limited storage for more important things.
What’s
So what is
Yes, there are other options, but I settled on
The first thing you need to do is create a GPG Key. See the Fedora wiki for detailed instructions, or just use
Now, you just need to initialize your password store with
Using
Now that you have a password store set up, it’s time to start
creating or inserting passwords. If you already have a password you want
to store, use
This will create a directory (FAS) and the file (user) in Git, and encrypt the file so that no one can read it without your GPG passphrase. If you look under
If you want to create a new password, just use
Using
To recall a password, all you need to do is run
Here’s a nifty workaround for that, just use
If you’ve forgotten what passwords you have stored with
If you delete something by accident, you can simply go back and revert the commit!
I have been using
pass, a command line password manager.It’s never been a good idea to use the same username and password with multiple services, but in today’s world? It’s potentially disasterous. So I don’t. At the moment, I’m juggling something like 90 to 100 passwords for all of the services I use. Multiple Twitter accounts, my server credentials, OpenShift applications, my FAS credentials, sign-in for Rdio, and lots more.
As you might imagine, trying to memorize all of those passwords is an exercise in futility. I remember my system password, and a handful of others. Beyond that? I’d rather save some of my brain’s limited storage for more important things.
What’s pass, and What’s it Require?
So what is pass? It’s basically a simple command-line
utility that helps you manage passwords. It uses GnuPG-encrypted files
to save and manage user passwords. It will even keep them in a git
repository, if you choose to set it up that way. That means you’ll need
the pass package installed, along with its dependencies like git, gnupg2, and pwgen (a utility for generating passwords).Yes, there are other options, but I settled on
pass a while back as the best fit for my needs. Here’s how you can give it a shot and see if it works for you!Installation and Setup
Installing pass is simple, it’s conveniently packaged for Fedora. Just open a terminal and runyum install -y pass and it should grab all the dependencies you need.The first thing you need to do is create a GPG Key. See the Fedora wiki for detailed instructions, or just use
gpg --gen-key and walk through the series of prompts. When in doubt, accept the defaults.Now, you just need to initialize your password store with
pass init GPG-ID. Replace “GPG-ID” with the email address you used for your GPG key.
Using pass: Adding and Creating Passwords
Now that you have a password store set up, it’s time to start
creating or inserting passwords. If you already have a password you want
to store, use pass edit passwordname. For example, if you were going to store your Fedora Account System (FAS) password, you might use pass edit FAS/user with “user” being your username in FAS.This will create a directory (FAS) and the file (user) in Git, and encrypt the file so that no one can read it without your GPG passphrase. If you look under
~/.password-store/FAS/ you’ll see a file like user.gpg. The directory part is optional, but I find it useful to help keep track of passwords.If you want to create a new password, just use
pass generate FAS/user 12 where “FAS/user” would be the username, and the password length (generated by pwgen)
would be 12 characters. The auto-generated passwords will include
upper- and lower-case letters, numbers, and special characters.Creating a git Repository
One of the biggest selling points to me forpass is its
integration with git. But it’s not automatic, you do need to tell it to
initialize the git repo and use it. First, make sure you’ve set your git
globals:
git config --global user.email "your@email.com"
git config --global user.name "Awesome User"
pass git init and it will intialize a git
repository in your password store. From then on, it will automatically
add new passwords and such to the git repo. If you want to manage
passwords on multiple machines, this makes it dead easy: Just clone the
repository elsewhere and keep them in sync as you would a normal git
repo.
Using pass: Reading Passwords
To recall a password, all you need to do is run pass user, so pass FAS/user would print out the password to the terminal. But what if you don’t want it to be seen by someone looking over your shoulder?Here’s a nifty workaround for that, just use
pass -c FAS/user
and it will simply copy your password to the clipboard for 45 seconds.
All you have to do is run the command, move over to the application
where you’d like to enter your password, and then hit Enter.If you’ve forgotten what passwords you have stored with
pass, just use pass ls and you’ll get a complete listing.Deleting Passwords
Sometimes you need to get rid of a password. Just usepass rm user and pass will ask if you’re sure, then delete the password file.If you delete something by accident, you can simply go back and revert the commit!
Stay Safe!
So that’s the basics of usingpass. You can get even more examples by running man pass, and I highly recommend skimming the man page at least once.I have been using
pass for some time now, and it’s been a life-saver. I hope it serves you as well as it has me!
No comments:
Post a Comment