I have used this for years with smartcard for secret key storage with physical confirmation on the device. This is just an incredibly efficient solution. Thanks for the tutorial!

The fact, that this can be used in bash scripts is amazing. I have a bunch of of scripts, to connect to various databases quickly and I was never compfortable with having the plain credentials directly in them. Thank you so so much. 🙏❤

Been using this for years, even implemented it at the office, we have several password stores for different trust levels within the business. As well as promote technical staff to manage their own personal password-store. One thing to note, is that a single password-store can be setup with multiple GPG keys, password-store then uses multi-key encryption which allows any of the included parties to read data (as long as you have one of the private keys loaded in GPG), and write data (as long as you have all the public keys loaded in GPG). Combined with git, you can't ask for a better in-house solution in my opinion. EDIT: And I've just noticed others have mentioned this, oh well :)

I've been using pass for a few years now and I learned lots watching this. Thanks so much!!

This seems like exactly what I wished to have for password manager, but I'm too lazy to migrate from my current password manager

What a great presentation of a great tool, using pass more than 4 years, love it.

Nice to see such a detailed explanation of a fantastic tool. I have not looked at anything else since I started using pass a few years ago.

8:25 one thing terminal enthusiasts will never stop doing is mixing up GPG and PGP

I've been using pass for about 3 years now. Wish I had such an amazing video back when I started, would have helped with almost any issue I encountered (the only other one being NixOS specific). Your other videos seem interesting too, you definetly deserve the bell!

Thank you for reintroducing me to this tool. I'd installed it, but seemingly never used it, so I'm remedying that deficit. It's a little different take than the tool I initially developed to read passwords from a store, but seems to work in much the same manner, only it's much more complete. In addition, it's a bash script, my favourite kind of tool!

thank you, great content, and the graphics and quality of the video is just too great :)

Awesome trick using an alias to override the AWS CLI command. One trick I use is a 'pass-fzf' wrapper script so I can fuzzy search a password and pipe it to the clipboard to search and copy passwords quickly.

So glad I ran into this video. I was about ready to build my own password manager. This looks really promising. None of the others caught my attention.

If you are gonna use a password manager, always fork the project and read the code before using it. FOSS communities are normally audited by the contributors, and they are unlikely to be dangerous. But you wanna be extra sure about the place you are writing all your passwords.

Thanks for your videos! After trying neovim every couple of years and just bouncing hard, your vim setup + tmux videos finally got me going with something that sticks. I was considering some terminal-based thing myself. I'm very much a 1Password user, I've found their quick-fill UI is great to just pop up for fetching PWs or other info in an entry without needing my hands to leave the keyboard, so I haven't really needed it yet. I was extremely happy when I found that 1Password Connect is available even for my personal Family-tier account, so I've been experimenting with that on my homelab, and deploying credentials as code with 1Password's Terraform provider has been like a dream. It sits in its own vault so it only has access to that and not my personal stuff. Never have to bother with the credentials, Terraform and the provider sorts it out for me. Not trying to shill 1Password, just a very happy user. :-P

Bravo! Best pass tutorial on the internet.

i've been using pass with passmenu for almost 2 years now. such a great tool

excellent topic coverage , cheers mate

5:11 Important security note! Disable the editor's backup system if it has one. For example, use `export EDITOR=rnano` instead of `export EDITOR=nano`. Just noticed this mistake recently -- all my edited password files in plain text!

Love this, I’ve been using a proprietary pwd manager for some time and I just don’t enjoy it…. But have been too lazy to look into a self managed version like this. Another great vid, thanks for sharing!

Wonderful channel, perfect content 🎉 thank you

Excellent! Thank you

KeePassXC + SyncThing = ✊ I started the transition from Bitwarden to my new setup about a couple of months ago: no MEGA, no Dropbox anti-privacy bullshit - my vaults never leave my devices. Data sovereignty. Working wonderfully integrating with all the devices where I might need to access passwords and sensible data in general: my laptop, my battle-station, my pocket-computer-stupidly-referred-as-smartphone, and my tablet.

Just subscribed! I never knew about this pass before. Your video is very informative

Small correction: Bitwarden can't be hacked. Like literally. They don't store any actual passwords. All the passwords are encrypted by your degice and the entire blob is sent to the server to sync. You can verify this, because the protocol is open source.

Great video. Thank you so much. A couple of questions. 1) how do you copy the username/email/other metadata to the clipboard without exposing the password? 2) how can this be used on mobile devices?

Hey, I've seen your terminal and fell in love, have you made a video covering your setup, if not would you be willing to upload the configs?

Great video as usual! ❤

Yes finally someone stated gnu-pass. Been using it for 6 years never had an issue with it. Synchronised passwords across multi devices just using a git account. No need to worry since key doesn't belong in the application itself.

This is great, but doesn't seem very convenient compared to having a browser add-on that will automatically list matching sites based on the domain (thus preventing phishing), show you a prompt to add/update the password in your vault, automatically sync all changes, and is available on mobile.

Aweome! Recently I am learning from your videos a lot. Would be great if you release at a video how to make ArchLinux looks so beautiful. A complete series on managing local environment, dotfiles (with scalability and interoperability in mind) and system setup would be a great help for us. I watched your videos about Tmux, NvChad as well. Those also were a great help for me. Thanks a lot.

for aws cli (and possibly a bunch of others) it's actually possible to make aws ask passwordstore directly, no need to export credentials as environment variables, no need to alias etc.

You have all the videos for things i thought, I might do some day. just ❤

Please consider cover some practical situations like syncing different git local repositories stored in different machines, so they may evolve adding or deleting keys, but they may need to be "synced".

Great tips !!! Thank you !!!

Super helpful , thank you

5:18 Does 'pass' takes care of disabling the '.viminfo' feature when entering vim (I've just read the source and it doesn't seem so)? I hope it does, otherwise a single register operation may momentarily leak credentials to the '.viminfo' file without encryption.

Great content! Thanks for sharing.

Hey, do you have a video about your Linux terminal setup?

I kinda like bitwarden. They had cli too and if you're a bit paranoid you can always self-host them

Could you suggest techniques to save these private keys? Also If you could expand more on its usages in your workflow!

Unrelated to the video, but do you edit these videos on Arch? If so, what video editor do you use? Love your stuff!

thanks a ton. It was really well explained, btw also a terminal guy❤

I like the idea of setting this up, perhaps I will someday......someday.

Great video. Thanks

This video was just perfect.

Top tutorial. Thank you

how did you get rounded corner in your vim/neovim pop-up for auto completion at 5:23 ?

This is nice, I currently just write my passwords on paper because they can't be hacked but I might switch to something like this

at @8:49 , are you sure the gpg flag for exporting secret key is "--export-secret-key" and not "--export-secret-keys" ? because i'm getting --export-secret-keyS on autocompletion.. man pages for gpg also show there is a keyS option, plural. my shell: bash. OS: ubuntu 23.04 x86_64

This is cool and all, but how do you manage when you want to login to smt on mobile?

Just wondering, where do you store your private key? I mean, do you use some service?

Do you have a video or guide on how to set up your terminal colors and especially the vim/tmux setup?

Yubikey sounds like an obvious thing to improve the experience with gpg keys here

i was wondering about something, how do you organize your passwords? Do you do it by category? E.g. entertainment, social, development, and so on, or do you do it by website domain, or a third option? I'm currently using the first one, but I've found myself using a "misc" folder far too frequently for my liking, what'd you recommend?

My notebook is the best password manager, it has never been compromised, I can always get back in and the transfer from once device to another is easy as well.

1:18 Dropping a like after use hearing that you use Arch. By the way it is mainly because I also use Arch.

Looks amazing tbh ill have to add it to the list of things ..

at 1:56 is that a floating terminal, and how can I replicate that? I'm asking cause when I get prompted to write my passphrase I get an ugly window.

there is also gopass, which is cross platform, and, as the name suggests uses go instead of a bash script

Thanks for video, have question - Is there any way to safely store a backup of the GPG private key in public repositories such as google-disk, or GitHub etc?

Been using pass for years (with the "passmenu" dmenu script on a keyboard shortcut) and love it. A side note for teams, or cases where you might want to share your passwords, it is possible to encrypt passwords with multiple keys! pass init shared/BlueTeam/ Now both key1 and key2 can decrypt the passwords stored in the BlueTeam subdirectory (and all subdirectories of BlueTeam so be aware). As pass was used at work the root of my password directory was split into two (~/.password-store/personal and /shared). Setting the personal directory to be ignored via the git ignore file. Backed that up using rsync to a separate solution, and this way my passwords didn't make the shared dir more chaotic for others. Though if you use QtPass (which works on Linux, Mac and Windows) you can define multiple password stores with separate git repositories so you don't have to be quite as terminal-goblin-y to get the same effect. One last thing: if you use Thunderbird with PGP, you may want to get a separate password PGP key. Otherwise your passwords can be decrypted using a left-open Thunderbird client (I know, physical access etc so only if this fits in your threat model). Actually used this to re-encrypt some passwords one time.

oh this nice option, thanks

How are you getting master password prompt in terminal? Is it a kind of polkit agent? How did you set it up?

Hi! I got a no public key error, even though pass -k lists the key I created. could u help?

Do you store recovery codes there too?

Keepassxc is great choice

Thank you "-)

What's a recommended process for also keeping user names? User name in xclip primary (middle mouse button) and password in xclip clipboard would be nice. Is there anything like that in Pass.

I always tend to forget the gpg commands. So I switched to keepassxc.

what DE or TWM do you use?

My current workflow is KeepassXC with a script that use it's cli command tool.

think this is the only video I intentionally "watched" post-roll ads for...

anyway how you can change the default text editor on pass, the default is use vi, i want to use neovim

Bitwarden can be self hosted so will it be safe?

Hey, i love ur vim config, do you have an accessible version ?

I don't use X or other similar graphical UI. I use tty only, so no xclip. Will I be able to use pass? I don't have access to X clipboard

How did you get a mac like topbar of the terminal app?

there's also a an integration with dmenu `pass-menu` which is great , and one with fzf too!

well it good idea in case of mistake and backup system. Which is good thing.

Just to be sure, apart from the git remote you may or may not setup, there are no servers involved? Can I go offline and still use this?

What about if you need to login on another computer which does not have the encrypted keys setup?

can it also encrypt and keep other file formats for example I want to store my ID card image, or bank statement pdf so that I can keep it uploaded on github and at the same time they are encrypted

what is the font you are using?

Not related to the topic but Itachi would be proud of your instance's name 😅

what i'm having trouble understanding is how is this different from using a combination of gnupg + git ? Both password store and gnupg will create encrypted files where you can store passwords. and then you can use git to keep history and upload encrypted files

How'd you make it so that your macbook's host is named `amaterasu` and not its local IP address?

Can you make a macOS setup tour?

So we store entire log of all edits in GitHub, each password encrypted individually, so any reuse is obvious without the key. And unencrypted passwords are in terminal memory until we close the terminal. Does it at least support yubikey?

How secure is it to upload to remote github? If that account get hacked, aren’t all my passwords available for grabs…?

when the java config video is coming sir still waiting................

Love the archbtw throwaway. I don't use archbtw btw.

Where are the passwords stored in?

Keybase for the gpg key store?

You can host bitwarden on ur own server btw

very nice!!!

I've created my own, locally Nothing fancy but my passwords are safe

Is there a similar alternative for Windows?

Clear and concise. Noice video! When you went over to macOS the rounded icons in statusline for tmux didn't look funky, whereas with any terminal emulator I tried, they look... weird. Back when I still used p10k, those looked kind of horrible as well. Did you find a way to fix it, or is that just another less popular terminal emulator?

for some reason tmux wont allow me to copy/paste a password into cli