From Gentoo Wiki
Jump to:navigation Jump to:search
This article is a stub. Please help out by expanding it - how to get started.

pass is a command-line password manager that stores, retrieves, generates, and synchronizes passwords securely. It integrates directly with the user's PGP keys to store password in encrypted format on disk. Pass is written in Bash and was created by Gentoo developer Jason A. Donenfeld (Zx2c4) .


USE flags

USE flags for app-admin/pass Stores, retrieves, generates, and synchronizes passwords securely

X Use x11-misc/xclip to copy passwords to the clipboard.
dmenu Add support for x11-misc/dmenu with the 'passmenu' program.
emacs Add support for GNU Emacs
git Use dev-vcs/git for password revisions.
importers Allow importing passwords from other password managers using various contributed scripts.
wayland Enable dev-libs/wayland backend


root #emerge --ask app-admin/pass

Additional software


Browser add-ons

Compatible tools




For initial steps and configuration read the pass man pages:

user $man pass



Adding a pass entry for the user larry:

user $pass edit gentoo/larry

Example pass entry generating (OTP) one-time passwords:

user $pass show gentoo/larry

Generating a (OTP) one-time password using pass otp command:

user $pass otp gentoo/larry


Users of Vim or Neovim should configure the editor not to write the password to disk when using pass edit command,

which can inadvertently happen with options such as swapfile and undofile. There is a plugin to set the appropriate options when the editor is editing a password file at Like other Vim plugins, this can be installed using a plugin manager or by placing the files in an appropriate location manually.


user $pass --help
= pass: the standard unix password manager =
=                                          =
=                  v1.7.4                  =
=                                          =
=             Jason A. Donenfeld           =
=                 =
=                                          =
=       =

    pass init [--path=subfolder,-p subfolder] gpg-id...
        Initialize new password storage and use gpg-id for encryption.
        Selectively reencrypt existing passwords using new gpg-id.
    pass [ls] [subfolder]
        List passwords.
    pass find pass-names...
        List passwords that match pass-names.
    pass [show] [--clip[=line-number],-c[line-number]] pass-name
        Show existing password and optionally put it on the clipboard.
        If put on the clipboard, it will be cleared in 45 seconds.
    pass grep [GREPOPTIONS] search-string
        Search for password files containing search-string when decrypted.
    pass insert [--echo,-e | --multiline,-m] [--force,-f] pass-name
        Insert new password. Optionally, echo the password back to the console
        during entry. Or, optionally, the entry may be multiline. Prompt before
        overwriting existing password unless forced.
    pass edit pass-name
        Insert a new password or edit an existing password using /usr/bin/vim.
    pass generate [--no-symbols,-n] [--clip,-c] [--in-place,-i | --force,-f] pass-name [pass-length]
        Generate a new password of pass-length (or 25 if unspecified) with optionally no symbols.
        Optionally put it on the clipboard and clear board after 45 seconds.
        Prompt before overwriting existing password unless forced.
        Optionally replace only the first line of an existing file with a new password.
    pass rm [--recursive,-r] [--force,-f] pass-name
        Remove existing password or directory, optionally forcefully.
    pass mv [--force,-f] old-path new-path
        Renames or moves old-path to new-path, optionally forcefully, selectively reencrypting.
    pass cp [--force,-f] old-path new-path
        Copies old-path to new-path, optionally forcefully, selectively reencrypting.
    pass git git-command-args...
        If the password store is a git repository, execute a git command
        specified by git-command-args.
    pass help
        Show this text.
    pass version
        Show version information.

More information may be found in the pass(1) man page.



root #emerge --ask --depclean --verbose app-admin/pass

See also

External resources