I've been using pass for a few years now and I learned lots watching this. Thanks so much!!

Been using this for years, even implemented it at the office, we have several password stores for different trust levels within the business. As well as promote technical staff to manage their own personal password-store. One thing to note, is that a single password-store can be setup with multiple GPG keys, password-store then uses multi-key encryption which allows any of the included parties to read data (as long as you have one of the private keys loaded in GPG), and write data (as long as you have all the public keys loaded in GPG). Combined with git, you can't ask for a better in-house solution in my opinion. EDIT: And I've just noticed others have mentioned this, oh well :)

This seems like exactly what I wished to have for password manager, but I'm too lazy to migrate from my current password manager

What a great presentation of a great tool, using pass more than 4 years, love it.

Nice to see such a detailed explanation of a fantastic tool. I have not looked at anything else since I started using pass a few years ago.

thank you, great content, and the graphics and quality of the video is just too great :)

The fact, that this can be used in bash scripts is amazing. I have a bunch of of scripts, to connect to various databases quickly and I was never compfortable with having the plain credentials directly in them. Thank you so so much. 🙏❤

I've been using pass for about 3 years now. Wish I had such an amazing video back when I started, would have helped with almost any issue I encountered (the only other one being NixOS specific). Your other videos seem interesting too, you definetly deserve the bell!

I have used this for years with smartcard for secret key storage with physical confirmation on the device. This is just an incredibly efficient solution. Thanks for the tutorial!

Wonderful channel, perfect content 🎉 thank you

Bravo! Best pass tutorial on the internet.

Great tips !!! Thank you !!!

Thanks for your videos! After trying neovim every couple of years and just bouncing hard, your vim setup + tmux videos finally got me going with something that sticks. I was considering some terminal-based thing myself. I'm very much a 1Password user, I've found their quick-fill UI is great to just pop up for fetching PWs or other info in an entry without needing my hands to leave the keyboard, so I haven't really needed it yet. I was extremely happy when I found that 1Password Connect is available even for my personal Family-tier account, so I've been experimenting with that on my homelab, and deploying credentials as code with 1Password's Terraform provider has been like a dream. It sits in its own vault so it only has access to that and not my personal stuff. Never have to bother with the credentials, Terraform and the provider sorts it out for me. Not trying to shill 1Password, just a very happy user. :-P

So glad I ran into this video. I was about ready to build my own password manager. This looks really promising. None of the others caught my attention.

You have all the videos for things i thought, I might do some day. just ❤

Super helpful , thank you

Great video as usual! ❤

Love this, I’ve been using a proprietary pwd manager for some time and I just don’t enjoy it…. But have been too lazy to look into a self managed version like this. Another great vid, thanks for sharing!

Excellent! Thank you

8:25 one thing terminal enthusiasts will never stop doing is mixing up GPG and PGP

Hey, I've seen your terminal and fell in love, have you made a video covering your setup, if not would you be willing to upload the configs?

Great video. Thanks

If you are gonna use a password manager, always fork the project and read the code before using it. FOSS communities are normally audited by the contributors, and they are unlikely to be dangerous. But you wanna be extra sure about the place you are writing all your passwords.

i've been using pass with passmenu for almost 2 years now. such a great tool

Great content! Thanks for sharing.

Top tutorial. Thank you

Awesome trick using an alias to override the AWS CLI command. One trick I use is a 'pass-fzf' wrapper script so I can fuzzy search a password and pipe it to the clipboard to search and copy passwords quickly.

This is great, but doesn't seem very convenient compared to having a browser add-on that will automatically list matching sites based on the domain (thus preventing phishing), show you a prompt to add/update the password in your vault, automatically sync all changes, and is available on mobile.

Aweome! Recently I am learning from your videos a lot. Would be great if you release at a video how to make ArchLinux looks so beautiful. A complete series on managing local environment, dotfiles (with scalability and interoperability in mind) and system setup would be a great help for us. I watched your videos about Tmux, NvChad as well. Those also were a great help for me. Thanks a lot.

This video was just perfect.

Looks amazing tbh ill have to add it to the list of things ..

very nice!!!

Yes finally someone stated gnu-pass. Been using it for 6 years never had an issue with it. Synchronised passwords across multi devices just using a git account. No need to worry since key doesn't belong in the application itself.

Small correction: Bitwarden can't be hacked. Like literally. They don't store any actual passwords. All the passwords are encrypted by your degice and the entire blob is sent to the server to sync. You can verify this, because the protocol is open source.

This is nice, I currently just write my passwords on paper because they can't be hacked but I might switch to something like this

I love this

well it good idea in case of mistake and backup system. Which is good thing.

for aws cli (and possibly a bunch of others) it's actually possible to make aws ask passwordstore directly, no need to export credentials as environment variables, no need to alias etc.

Please consider cover some practical situations like syncing different git local repositories stored in different machines, so they may evolve adding or deleting keys, but they may need to be "synced".

KeePassXC + SyncThing = ✊ I started the transition from Bitwarden to my new setup about a couple of months ago: no MEGA, no Dropbox anti-privacy bullshit - my vaults never leave my devices. Data sovereignty. Working wonderfully integrating with all the devices where I might need to access passwords and sensible data in general: my laptop, my battle-station, my pocket-computer-stupidly-referred-as-smartphone, and my tablet.

Great video. Thank you so much. A couple of questions. 1) how do you copy the username/email/other metadata to the clipboard without exposing the password? 2) how can this be used on mobile devices?

Great video

Unrelated to the video, but do you edit these videos on Arch? If so, what video editor do you use? Love your stuff!

oh this nice option, thanks

1:18 Dropping a like after use hearing that you use Arch. By the way it is mainly because I also use Arch.

Clear and concise. Noice video! When you went over to macOS the rounded icons in statusline for tmux didn't look funky, whereas with any terminal emulator I tried, they look... weird. Back when I still used p10k, those looked kind of horrible as well. Did you find a way to fix it, or is that just another less popular terminal emulator?

there's also a an integration with dmenu `pass-menu` which is great , and one with fzf too!

My current workflow is KeepassXC with a script that use it's cli command tool.

I kinda like bitwarden. They had cli too and if you're a bit paranoid you can always self-host them

Thanks for video, have question - Is there any way to safely store a backup of the GPG private key in public repositories such as google-disk, or GitHub etc?

Thank you "-)

This is cool and all, but how do you manage when you want to login to smt on mobile?

think this is the only video I intentionally "watched" post-roll ads for...

My notebook is the best password manager, it has never been compromised, I can always get back in and the transfer from once device to another is easy as well.

So we store entire log of all edits in GitHub, each password encrypted individually, so any reuse is obvious without the key. And unencrypted passwords are in terminal memory until we close the terminal. Does it at least support yubikey?

I absolutely love this!! One thing I'm missing, I usually like bitwarden because I can also use it from my phone if I need to copy, for example, my paypal or bank account password so I can log in from my phone Does anyone know if someone already created some sort of mobile client so we can use basic features like copying or editing a password from the phone??

what DE or TWM do you use?

Been using pass for years (with the "passmenu" dmenu script on a keyboard shortcut) and love it. A side note for teams, or cases where you might want to share your passwords, it is possible to encrypt passwords with multiple keys! pass init shared/BlueTeam/ Now both key1 and key2 can decrypt the passwords stored in the BlueTeam subdirectory (and all subdirectories of BlueTeam so be aware). As pass was used at work the root of my password directory was split into two (~/.password-store/personal and /shared). Setting the personal directory to be ignored via the git ignore file. Backed that up using rsync to a separate solution, and this way my passwords didn't make the shared dir more chaotic for others. Though if you use QtPass (which works on Linux, Mac and Windows) you can define multiple password stores with separate git repositories so you don't have to be quite as terminal-goblin-y to get the same effect. One last thing: if you use Thunderbird with PGP, you may want to get a separate password PGP key. Otherwise your passwords can be decrypted using a left-open Thunderbird client (I know, physical access etc so only if this fits in your threat model). Actually used this to re-encrypt some passwords one time.

can it also encrypt and keep other file formats for example I want to store my ID card image, or bank statement pdf so that I can keep it uploaded on github and at the same time they are encrypted

You can host bitwarden on ur own server btw

there is also gopass, which is cross platform, and, as the name suggests uses go instead of a bash script

Dude! Bravo on a great video! Obviously you put a lot of effort into your videos. Every aspect of this video (script, video, audio, post production and voice-over) is top notch! Looking forward to exploring your channel further. Oh, and you answered my questions on how to integrate git with pass and provided some great examples to take my own skills even further than I was thinking I needed to go. Subscribe... check!

Let's be honest, that's nowhere near as convenient as a real password manager. I get it we all love our CLI and stuff but what about autofill, automatic saving of newly created accounts/passwords, auto synching, autofill on mobile, combining web and app passwords etc etc. I guess for a backup of my most important keys it would be useful but than again I could just use gpg and git. Bitwarden can be self-hosted, is OSS and provides actual password manager features, and even has a CLI for those who want it. I guess this is a fun little tool to play around with but yeah I wouldn't call a gpg frontend a password manager.

Yubikey sounds like an obvious thing to improve the experience with gpg keys here

Is there a similar alternative for Windows?

does anybody know if password-store is usable with windows? i'm not the most tech proficient person, but this video did get me to use password-store as my main password manager whilst using ubuntu, and now i would like to use it with windows, but i don't see a rather simple way to install it. am i missing something or do i simply have to find another option?

Hey, do you have a video about your Linux terminal setup?

I'm trying to set up this with github, but I don't know how to authenticate to it. Can someone explain how to do that for pass?

Vulnerable password manager

how did you get rounded corner in your vim/neovim pop-up for auto completion at 5:23 ?

What's a recommended process for also keeping user names? User name in xclip primary (middle mouse button) and password in xclip clipboard would be nice. Is there anything like that in Pass.

Could be do passkey on local system Like using raspberry pi

what i'm having trouble understanding is how is this different from using a combination of gnupg + git ? Both password store and gnupg will create encrypted files where you can store passwords. and then you can use git to keep history and upload encrypted files

Is it recommended to use `pass rm` over the vanilla `rm`? Same for `pass git push ..`, why not just use vanilla git commands? Great video ❤

Do you have a video or guide on how to set up your terminal colors and especially the vim/tmux setup?

anyway how you can change the default text editor on pass, the default is use vi, i want to use neovim

Keybase for the gpg key store?

Thank you for helping us all. I have discord up and I am truly needing help.

Is this available for Windows?

I've created my own, locally Nothing fancy but my passwords are safe

Just wondering, where do you store your private key? I mean, do you use some service?

for some reason tmux wont allow me to copy/paste a password into cli

good video, but i pretty dumb to really understand git and gpg2 pair keys, also i need otp and some kinde of secure and auto sync between my main PC and android (and well if i lose both my pc and android i still want to have access to all my pass and otp using a new 0km device using only 2 or 3 pass i remember very well... Actually i use bitwarden and Aegis for OTP but i want to change the otp for another more secure and portable, i can use bitwarden as a pass manager and otp but i refuse to do that, put all egg in the same basket means to loose all egg in a unfortunate accident

at @8:49 , are you sure the gpg flag for exporting secret key is "--export-secret-key" and not "--export-secret-keys" ? because i'm getting --export-secret-keyS on autocompletion.. man pages for gpg also show there is a keyS option, plural. my shell: bash. OS: ubuntu 23.04 x86_64

Hey, i love ur vim config, do you have an accessible version ?

How do you make the terminal prompt like that?

How are you getting master password prompt in terminal? Is it a kind of polkit agent? How did you set it up?

Do tutorial of you terminal configuration

Just to be sure, apart from the git remote you may or may not setup, there are no servers involved? Can I go offline and still use this?

I personally use gopass which is compatible api

How did you get a mac like topbar of the terminal app?

How secure is it to upload to remote github? If that account get hacked, aren’t all my passwords available for grabs…?

"I like to keep it simple, which, according to the acronym, makes me stupid." 🤣

arch :D

You'd only use this for novelty. It's not convenient at all for everyday use.

at 1:56 is that a floating terminal, and how can I replicate that? I'm asking cause when I get prompted to write my passphrase I get an ugly window.

What about if you need to login on another computer which does not have the encrypted keys setup?

Do you store recovery codes there too?

Sadly my android version is too new for the Android app... Let's see how much I do or don't need an Android version...

Can you make a macOS setup tour?