Everyone needs a password manager.
I have dozens of credentials for several websites.
Re-using passwords across websites is a no.
Memorizing dozens of different passwords is also a no.
The only way is to use a password manager.
For so long, I’ve been searching for the simplest possible password manager.
I only need two criteria: plaintext and git-friendly.
Yeah, you heard that right, it has to be plaintext.
But that doesn’t mean it has to be stored as real plain text, where everyone or every machine can read it.
That would be so wrong.
What I mean is it has to be stored as simple text files, not binary.
If you have ever looked at the content of your public and private SSH keys, that's the kind of file I mean.
I’ve been using git for my every digital activity, not just programming.
I store my blog content in the git repository.
I write documentation in the git repository.
Now I also want to store my passwords in a git repository.
With git, I can audit every change on my own.
Also, it would be easy to sync between devices by using a git repository.
And I don’t need to depend on certain cloud services to sync my passwords.
I can use any computer or service with a private git repository.
pass is a simple, yet efficient password manager.
It’s actually a shell script utilizing gpg and git under the hood.
You can read more about it in its documentation.
Let’s get started.
First, we need to install the software.
Use your favorite package manager.
Since I’m using macOS, I use brew.
What we need in our system are gpg, git, and pass.
Next, we need to generate our gpg key, if you don’t have one.
Simply type the following command.
Select RSA and RSA as the key kind.
The rule of thumb for key size is: the bigger, the better.
A bigger key size means a longer time to encrypt or decrypt.
But with today's technology, that won’t be a problem.
2048 should be enough, but you can choose 4096 to be future-proof.
Set the key so it won’t expire.
Enter your full name and your main email.
Remember your email because it will be used as your gpg ID.
You’ll be asked for a password.
Think of it as your master password and memorize it.
You’ll need this to decrypt your stored passwords.
Follow the rest of the instructions and wait until the process finishes.
Now let’s init your pass directory.
Use your previously created gpg email as ID.
Since we’re going to sync it through git repository, we also need to init the git repository.
Push the content of your password store to your git server for the first time.
Now before we add anything to our password store, we need to set an environment variable.
As you may recall, I want the passwords stored as text files.
By default, pass stores each one as a binary file with a .gpg extension.
We can change the output to ASCII-armored text instead.
To do that, open ~/.bashrc or ~/.bash_profile to set this environment variable.
Close and re-open your terminal so the environment variable is set.
Next, we can use the password store to generate random passwords.
For example, let’s create a random password for reddit.
To get the stored password, type the following command.
You’ll be asked for your gpg password.
Remember to memorize your master password from the earlier step.
You can also copy it to your clipboard instead of printing it to stdout.
If you want to see how pass stores your password, the encrypted content looks like this:
Finally, you can push your passwords using git.
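A check to run before pushing, added here as an example (it is not part of pass or of the original post): it confirms that every entry in the store is ASCII-armored text, because entries saved before the armor setting took effect stay binary. The function names are hypothetical; the default path `~/.password-store` and the `PASSWORD_STORE_DIR` override are the ones pass uses.

```shell
#!/bin/sh
# Added example: verify that every pass entry is ASCII-armored text.
# Function names are hypothetical; nothing here decrypts or modifies an entry.

ARMOR_HEADER='-----BEGIN PGP MESSAGE-----'

# True if the file starts with the OpenPGP armor header.
# NUL bytes are stripped so binary input is safe in a command substitution.
is_armored() {
    [ "$(head -c "${#ARMOR_HEADER}" "$1" | tr -d '\000')" = "$ARMOR_HEADER" ]
}

# Print the path of every entry that is not armored (one per line).
# pass names each entry <name>.gpg whether it is armored or binary.
list_binary_entries() {
    store="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
    find "$store" -type f -name '*.gpg' ! -path '*/.git/*' |
    while IFS= read -r entry; do
        is_armored "$entry" || printf '%s\n' "$entry"
    done
}

# Return 0 if all entries are armored, 1 if any are binary,
# 2 if the store directory does not exist.
check_store_armored() {
    store="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
    if [ ! -d "$store" ]; then
        echo "no such password store: $store" >&2
        return 2
    fi
    binary=$(list_binary_entries "$store")
    if [ -n "$binary" ]; then
        echo "binary (non-armored) entries found:" >&2
        printf '%s\n' "$binary" >&2
        return 1
    fi
    return 0
}

# Usage: check_store_armored && pass git push
```

An entry it reports was written without the armor option; saving that entry again with the option in effect produces the text form.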
So that’s it.
In the next tutorial, I’ll write about how to sync it to other devices like your iPhone and iPad.