This is perhaps my favorite password manager for the terminal 

I've been using pass for a few years now and I learned lots watching this. Thanks so much!!

Been using this for years, even implemented it at the office, we have several password stores for different trust levels within the business. As well as promote technical staff to manage their own personal password-store. One thing to note, is that a single password-store can be setup with multiple GPG keys, password-store then uses multi-key encryption which allows any of the included parties to read data (as long as you have one of the private keys loaded in GPG), and write data (as long as you have all the public keys loaded in GPG). Combined with git, you can't ask for a better in-house solution in my opinion. EDIT: And I've just noticed others have mentioned this, oh well :)

What a great presentation of a great tool, using pass more than 4 years, love it.

Nice to see such a detailed explanation of a fantastic tool. I have not looked at anything else since I started using pass a few years ago.

The fact, that this can be used in bash scripts is amazing. I have a bunch of of scripts, to connect to various databases quickly and I was never compfortable with having the plain credentials directly in them. Thank you so so much. 🙏❤

I've been using pass for about 3 years now. Wish I had such an amazing video back when I started, would have helped with almost any issue I encountered (the only other one being NixOS specific). Your other videos seem interesting too, you definetly deserve the bell!

I have used this for years with smartcard for secret key storage with physical confirmation on the device. This is just an incredibly efficient solution. Thanks for the tutorial!

thank you, great content, and the graphics and quality of the video is just too great :)

So glad I ran into this video. I was about ready to build my own password manager. This looks really promising. None of the others caught my attention.

Excellent! Thank you

Wonderful channel, perfect content 🎉 thank you

Thanks for your videos! After trying neovim every couple of years and just bouncing hard, your vim setup + tmux videos finally got me going with something that sticks. I was considering some terminal-based thing myself. I'm very much a 1Password user, I've found their quick-fill UI is great to just pop up for fetching PWs or other info in an entry without needing my hands to leave the keyboard, so I haven't really needed it yet. I was extremely happy when I found that 1Password Connect is available even for my personal Family-tier account, so I've been experimenting with that on my homelab, and deploying credentials as code with 1Password's Terraform provider has been like a dream. It sits in its own vault so it only has access to that and not my personal stuff. Never have to bother with the credentials, Terraform and the provider sorts it out for me. Not trying to shill 1Password, just a very happy user. :-P

Great video as usual! ❤

i've been using pass with passmenu for almost 2 years now. such a great tool

Bravo! Best pass tutorial on the internet.

Great tips !!! Thank you !!!

You have all the videos for things i thought, I might do some day. just ❤

This seems like exactly what I wished to have for password manager, but I'm too lazy to migrate from my current password manager

Great content! Thanks for sharing.

Awesome trick using an alias to override the AWS CLI command. One trick I use is a 'pass-fzf' wrapper script so I can fuzzy search a password and pipe it to the clipboard to search and copy passwords quickly.

Super helpful , thank you

Love this, I’ve been using a proprietary pwd manager for some time and I just don’t enjoy it…. But have been too lazy to look into a self managed version like this. Another great vid, thanks for sharing!

Just subscribed! I never knew about this pass before. Your video is very informative

8:25 one thing terminal enthusiasts will never stop doing is mixing up GPG and PGP

Great video. Thanks

very nice!!!

This video was just perfect.

thanks a ton. It was really well explained, btw also a terminal guy❤

Top tutorial. Thank you

I love this

Yes finally someone stated gnu-pass. Been using it for 6 years never had an issue with it. Synchronised passwords across multi devices just using a git account. No need to worry since key doesn't belong in the application itself.

This is nice, I currently just write my passwords on paper because they can't be hacked but I might switch to something like this

KeePassXC + SyncThing = ✊ I started the transition from Bitwarden to my new setup about a couple of months ago: no MEGA, no Dropbox anti-privacy bullshit - my vaults never leave my devices. Data sovereignty. Working wonderfully integrating with all the devices where I might need to access passwords and sensible data in general: my laptop, my battle-station, my pocket-computer-stupidly-referred-as-smartphone, and my tablet.

Aweome! Recently I am learning from your videos a lot. Would be great if you release at a video how to make ArchLinux looks so beautiful. A complete series on managing local environment, dotfiles (with scalability and interoperability in mind) and system setup would be a great help for us. I watched your videos about Tmux, NvChad as well. Those also were a great help for me. Thanks a lot.

Great video

Looks amazing tbh ill have to add it to the list of things ..

So we store entire log of all edits in GitHub, each password encrypted individually, so any reuse is obvious without the key. And unencrypted passwords are in terminal memory until we close the terminal. Does it at least support yubikey?

oh this nice option, thanks

If you are gonna use a password manager, always fork the project and read the code before using it. FOSS communities are normally audited by the contributors, and they are unlikely to be dangerous. But you wanna be extra sure about the place you are writing all your passwords.

anyway how you can change the default text editor on pass, the default is use vi, i want to use neovim

does anybody know if password-store is usable with windows? i'm not the most tech proficient person, but this video did get me to use password-store as my main password manager whilst using ubuntu, and now i would like to use it with windows, but i don't see a rather simple way to install it. am i missing something or do i simply have to find another option?

Hey, I've seen your terminal and fell in love, have you made a video covering your setup, if not would you be willing to upload the configs?

can it also encrypt and keep other file formats for example I want to store my ID card image, or bank statement pdf so that I can keep it uploaded on github and at the same time they are encrypted

for aws cli (and possibly a bunch of others) it's actually possible to make aws ask passwordstore directly, no need to export credentials as environment variables, no need to alias etc.

well it good idea in case of mistake and backup system. Which is good thing.

This is cool and all, but how do you manage when you want to login to smt on mobile?

how did you get rounded corner in your vim/neovim pop-up for auto completion at 5:23 ?

5:11 Important security note! Disable the editor's backup system if it has one. For example, use `export EDITOR=rnano` instead of `export EDITOR=nano`. Just noticed this mistake recently -- all my edited password files in plain text!

1:18 Dropping a like after use hearing that you use Arch. By the way it is mainly because I also use Arch.

Thank you "-)

Please consider cover some practical situations like syncing different git local repositories stored in different machines, so they may evolve adding or deleting keys, but they may need to be "synced".

How do you make the terminal prompt like that?

what i'm having trouble understanding is how is this different from using a combination of gnupg + git ? Both password store and gnupg will create encrypted files where you can store passwords. and then you can use git to keep history and upload encrypted files

I'm trying to set up this with github, but I don't know how to authenticate to it. Can someone explain how to do that for pass?

Could be do passkey on local system Like using raspberry pi

there's also a an integration with dmenu `pass-menu` which is great , and one with fzf too!

What's a recommended process for also keeping user names? User name in xclip primary (middle mouse button) and password in xclip clipboard would be nice. Is there anything like that in Pass.

Keybase for the gpg key store?

How did you get a mac like topbar of the terminal app?

Thanks for video, have question - Is there any way to safely store a backup of the GPG private key in public repositories such as google-disk, or GitHub etc?

My current workflow is KeepassXC with a script that use it's cli command tool.

at @8:49 , are you sure the gpg flag for exporting secret key is "--export-secret-key" and not "--export-secret-keys" ? because i'm getting --export-secret-keyS on autocompletion.. man pages for gpg also show there is a keyS option, plural. my shell: bash. OS: ubuntu 23.04 x86_64

I kinda like bitwarden. They had cli too and if you're a bit paranoid you can always self-host them

I always tend to forget the gpg commands. So I switched to keepassxc.

Hey, do you have a video about your Linux terminal setup?

what DE or TWM do you use?

I absolutely love this!! One thing I'm missing, I usually like bitwarden because I can also use it from my phone if I need to copy, for example, my paypal or bank account password so I can log in from my phone Does anyone know if someone already created some sort of mobile client so we can use basic features like copying or editing a password from the phone??

Do you have a video or guide on how to set up your terminal colors and especially the vim/tmux setup?

This is great, but doesn't seem very convenient compared to having a browser add-on that will automatically list matching sites based on the domain (thus preventing phishing), show you a prompt to add/update the password in your vault, automatically sync all changes, and is available on mobile.

Great video. Thank you so much. A couple of questions. 1) how do you copy the username/email/other metadata to the clipboard without exposing the password? 2) how can this be used on mobile devices?

Unrelated to the video, but do you edit these videos on Arch? If so, what video editor do you use? Love your stuff!

My notebook is the best password manager, it has never been compromised, I can always get back in and the transfer from once device to another is easy as well.

Could someone please explain the dis-advantage of storing the AES256 encrypted private key in the same Github repository?

Been using pass for years (with the "passmenu" dmenu script on a keyboard shortcut) and love it. A side note for teams, or cases where you might want to share your passwords, it is possible to encrypt passwords with multiple keys! pass init shared/BlueTeam/ Now both key1 and key2 can decrypt the passwords stored in the BlueTeam subdirectory (and all subdirectories of BlueTeam so be aware). As pass was used at work the root of my password directory was split into two (~/.password-store/personal and /shared). Setting the personal directory to be ignored via the git ignore file. Backed that up using rsync to a separate solution, and this way my passwords didn't make the shared dir more chaotic for others. Though if you use QtPass (which works on Linux, Mac and Windows) you can define multiple password stores with separate git repositories so you don't have to be quite as terminal-goblin-y to get the same effect. One last thing: if you use Thunderbird with PGP, you may want to get a separate password PGP key. Otherwise your passwords can be decrypted using a left-open Thunderbird client (I know, physical access etc so only if this fits in your threat model). Actually used this to re-encrypt some passwords one time.

How are you getting master password prompt in terminal? Is it a kind of polkit agent? How did you set it up?

at 1:56 is that a floating terminal, and how can I replicate that? I'm asking cause when I get prompted to write my passphrase I get an ugly window.

Is there a similar alternative for Windows?

What about if you need to login on another computer which does not have the encrypted keys setup?

Just wondering, where do you store your private key? I mean, do you use some service?

Dude! Bravo on a great video! Obviously you put a lot of effort into your videos. Every aspect of this video (script, video, audio, post production and voice-over) is top notch! Looking forward to exploring your channel further. Oh, and you answered my questions on how to integrate git with pass and provided some great examples to take my own skills even further than I was thinking I needed to go. Subscribe... check!

for some reason tmux wont allow me to copy/paste a password into cli

How'd you make it so that your macbook's host is named `amaterasu` and not its local IP address?

Is this available for Windows?

How secure is it to upload to remote github? If that account get hacked, aren’t all my passwords available for grabs…?

Hey, i love ur vim config, do you have an accessible version ?

Bitwarden can be self hosted so will it be safe?

Vulnerable password manager

Do you store recovery codes there too?

what is the font you are using?

think this is the only video I intentionally "watched" post-roll ads for...

Clear and concise. Noice video! When you went over to macOS the rounded icons in statusline for tmux didn't look funky, whereas with any terminal emulator I tried, they look... weird. Back when I still used p10k, those looked kind of horrible as well. Did you find a way to fix it, or is that just another less popular terminal emulator?

I just can't get the gpg prompt to run without a terminal, pass-menu is kind of useless in my use case.

Just to be sure, apart from the git remote you may or may not setup, there are no servers involved? Can I go offline and still use this?

there is also gopass, which is cross platform, and, as the name suggests uses go instead of a bash script

Small correction: Bitwarden can't be hacked. Like literally. They don't store any actual passwords. All the passwords are encrypted by your degice and the entire blob is sent to the server to sync. You can verify this, because the protocol is open source.

good video, but i pretty dumb to really understand git and gpg2 pair keys, also i need otp and some kinde of secure and auto sync between my main PC and android (and well if i lose both my pc and android i still want to have access to all my pass and otp using a new 0km device using only 2 or 3 pass i remember very well... Actually i use bitwarden and Aegis for OTP but i want to change the otp for another more secure and portable, i can use bitwarden as a pass manager and otp but i refuse to do that, put all egg in the same basket means to loose all egg in a unfortunate accident

My favorite is a txt file encrypted with vim

Sadly my android version is too new for the Android app... Let's see how much I do or don't need an Android version...

Yubikey sounds like an obvious thing to improve the experience with gpg keys here

I personally use gopass which is compatible api