h8rt3rmin8r

man pass

Jan 24th, 2019
935
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. PASS(1) Password Store PASS(1)
  2.  
  3. NAME
  4. pass - stores, retrieves, generates, and synchronizes passwords
  5. securely
  6.  
  7. SYNOPSIS
  8. pass [ COMMAND ] [ OPTIONS ]... [ ARGS ]...
  9.  
  10. DESCRIPTION
  11. pass is a very simple password store that keeps passwords inside
  12. gpg2(1) encrypted files inside a simple directory tree residing at
  13. ~/.password-store. The pass utility provides a series of commands for
  14. manipulating the password store, allowing the user to add, remove,
  15. edit, synchronize, generate, and manipulate passwords.
  16.  
  17. If no COMMAND is specified, COMMAND defaults to either show or ls,
  18. depending on the type of specifier in ARGS. Alternatively, if PASS‐
  19. WORD_STORE_ENABLE_EXTENSIONS is set to "true", and the file .exten‐
  20. sions/COMMAND.bash exists inside the password store and is executable,
  21. then it is sourced into the environment, passing any arguments and
  22. environment variables. Extensions existing in a system-wide directory,
  23. only installable by the administrator, are always enabled.
  24.  
  25. Otherwise COMMAND must be one of the valid commands listed below.
  26.  
  27. Several of the commands below rely on or provide additional functional‐
  28. ity if the password store directory is also a git repository. If the
  29. password store directory is a git repository, all password store modi‐
  30. fication commands will cause a corresponding git commit. Sub-directo‐
  31. ries may be separate nested git repositories, and pass will use the
  32. inner-most directory relative to the current password. See the EXTENDED
  33. GIT EXAMPLE section for a detailed description using init and git(1).
  34.  
  35. The init command must be run before other commands in order to initial‐
  36. ize the password store with the correct gpg key id. Passwords are
  37. encrypted using the gpg key set with init.
  38.  
  39. There is a corresponding bash completion script for use with tab com‐
  40. pleting password names in bash(1).
  41.  
  42. COMMANDS
  43. init [ --path=sub-folder, -p sub-folder ] gpg-id...
  44. Initialize new password storage and use gpg-id for encryption.
  45. Multiple gpg-ids may be specified, in order to encrypt each
  46. password with multiple ids. This command must be run first
  47. before a password store can be used. If the specified gpg-id is
  48. different from the key used in any existing files, these files
  49. will be reencrypted to use the new id. Note that use of gpg-
  50. agent(1) is recommended so that the batch decryption does not
  51. require as much user intervention. If --path or -p is specified,
  52. along with an argument, a specific gpg-id or set of gpg-ids is
  53. assigned for that specific sub folder of the password store. If
  54. only one gpg-id is given, and it is an empty string, then the
  55. current .gpg-id file for the specified sub-folder (or root if
  56. unspecified) is removed.
  57.  
  58. ls subfolder
  59. List names of passwords inside the tree at subfolder by using
  60. the tree(1) program. This command is alternatively named list.
  61.  
  62. grep search-string
  63. Searches inside each decrypted password file for search-string,
  64. and displays line containing matched string along with filename.
  65. Uses grep(1) for matching. Make use of the GREP_OPTIONS environ‐
  66. ment variable to set particular options.
  67.  
  68. find pass-names...
  69. List names of passwords inside the tree that match pass-names by
  70. using the tree(1) program. This command is alternatively named
  71. search.
  72.  
  73. show [ --clip[=line-number], -c[line-number] ] [ --qrcode[=line-num‐
  74. ber], -q[line-number] ] pass-name
  75. Decrypt and print a password named pass-name. If --clip or -c is
  76. specified, do not print the password but instead copy the first
  77. (or otherwise specified) line to the clipboard using xclip(1)
  78. and then restore the clipboard after 45 (or PASS‐
  79. WORD_STORE_CLIP_TIME) seconds. If --qrcode or -q is specified,
  80. do not print the password but instead display a QR code using
  81. qrencode(1) either to the terminal or graphically if supported.
  82.  
  83. insert [ --echo, -e | --multiline, -m ] [ --force, -f ] pass-name
  84. Insert a new password into the password store called pass-name.
  85. This will read the new password from standard in. If --echo or
  86. -e is not specified, disable keyboard echo when the password is
  87. entered and confirm the password by asking for it twice. If
  88. --multiline or -m is specified, lines will be read until EOF or
  89. Ctrl+D is reached. Otherwise, only a single line from standard
  90. in is read. Prompt before overwriting an existing password,
  91. unless --force or -f is specified. This command is alternatively
  92. named add.
  93.  
  94. edit pass-name
  95. Insert a new password or edit an existing password using the
  96. default text editor specified by the environment variable EDITOR
  97. or using editor(1) as a fallback. This mode makes use of tempo‐
  98. rary files for editing, but care is taken to ensure that tempo‐
  99. rary files are created in /dev/shm in order to avoid writing to
  100. difficult-to-erase disk sectors. If /dev/shm is not accessible,
  101. fallback to the ordinary TMPDIR location, and print a warning.
  102.  
  103. generate [ --no-symbols, -n ] [ --clip, -c ] [ --in-place, -i |
  104. --force, -f ] pass-name [pass-length]
  105. Generate a new password using /dev/urandom of length pass-length
  106. (or PASSWORD_STORE_GENERATED_LENGTH if unspecified) and insert
  107. into pass-name. If --no-symbols or -n is specified, do not use
  108. any non-alphanumeric characters in the generated password. The
  109. character sets used in generating passwords can be changed with
  110. the PASSWORD_STORE_CHARACTER_SET and PASSWORD_STORE_CHARAC‐
  111. TER_SET_NO_SYMBOLS environment variables, described below. If
  112. --clip or -c is specified, do not print the password but instead
  113. copy it to the clipboard using xclip(1) and then restore the
  114. clipboard after 45 (or PASSWORD_STORE_CLIP_TIME) seconds. If
  115. --qrcode or -q is specified, do not print the password but
  116. instead display a QR code using qrencode(1) either to the termi‐
  117. nal or graphically if supported. Prompt before overwriting an
  118. existing password, unless --force or -f is specified. If --in-
  119. place or -i is specified, do not interactively prompt, and only
  120. replace the first line of the password file with the new gener‐
  121. ated password, keeping the remainder of the file intact.
  122.  
  123. rm [ --recursive, -r ] [ --force, -f ] pass-name
  124. Remove the password named pass-name from the password store.
  125. This command is alternatively named remove or delete. If
  126. --recursive or -r is specified, delete pass-name recursively if
  127. it is a directory. If --force or -f is specified, do not inter‐
  128. actively prompt before removal.
  129.  
  130. mv [ --force, -f ] old-path new-path
  131. Renames the password or directory named old-path to new-path.
  132. This command is alternatively named rename. If --force is speci‐
  133. fied, silently overwrite new-path if it exists. If new-path ends
  134. in a trailing /, it is always treated as a directory. Passwords
  135. are selectively reencrypted to the corresponding keys of their
  136. new destination.
  137.  
  138. cp [ --force, -f ] old-path new-path
  139. Copies the password or directory named old-path to new-path.
  140. This command is alternatively named copy. If --force is speci‐
  141. fied, silently overwrite new-path if it exists. If new-path ends
  142. in a trailing /, it is always treated as a directory. Passwords
  143. are selectively reencrypted to the corresponding keys of their
  144. new destination.
  145.  
  146. git git-command-args...
  147. If the password store is a git repository, pass git-command-args
  148. as arguments to git(1) using the password store as the git
  149. repository. If git-command-args is init, in addition to initial‐
  150. izing the git repository, add the current contents of the pass‐
  151. word store to the repository in an initial commit. If the git
  152. config key pass.signcommits is set to true, then all commits
  153. will be signed using user.signingkey or the default git signing
  154. key. This config key may be turned on using: `pass git config
  155. --bool --add pass.signcommits true`
  156.  
  157. help Show usage message.
  158.  
  159. version
  160. Show version information.
  161.  
  162. SIMPLE EXAMPLES
  163. Initialize password store
  164. zx2c4@laptop ~ $ pass init Jason@zx2c4.com
  165. mkdir: created directory ‘/home/zx2c4/.password-store’
  166. Password store initialized for Jason@zx2c4.com.
  167.  
  168. List existing passwords in store
  169. zx2c4@laptop ~ $ pass
  170. Password Store
  171. ├── Business
  172. │ ├── some-silly-business-site.com
  173. │ └── another-business-site.net
  174. ├── Email
  175. │ ├── donenfeld.com
  176. │ └── zx2c4.com
  177. └── France
  178. ├── bank
  179. ├── freebox
  180. └── mobilephone
  181.  
  182. Alternatively, "pass ls".
  183.  
  184. Find existing passwords in store that match .com
  185. zx2c4@laptop ~ $ pass find .com
  186. Search Terms: .com
  187. ├── Business
  188. │ ├── some-silly-business-site.com
  189. └── Email
  190. ├── donenfeld.com
  191. └── zx2c4.com
  192.  
  193. Alternatively, "pass search .com".
  194.  
  195. Show existing password
  196. zx2c4@laptop ~ $ pass Email/zx2c4.com
  197. sup3rh4x3rizmynam3
  198.  
  199. Copy existing password to clipboard
  200. zx2c4@laptop ~ $ pass -c Email/zx2c4.com
  201. Copied Email/jason@zx2c4.com to clipboard. Will clear in 45 sec‐
  202. onds.
  203.  
  204. Add password to store
  205. zx2c4@laptop ~ $ pass insert Business/cheese-whiz-factory
  206. Enter password for Business/cheese-whiz-factory: omg so much
  207. cheese what am i gonna do
  208.  
  209. Add multiline password to store
  210. zx2c4@laptop ~ $ pass insert -m Business/cheese-whiz-factory
  211. Enter contents of Business/cheese-whiz-factory and press Ctrl+D
  212. when finished:
  213.  
  214. Hey this is my
  215. awesome
  216. multi
  217. line
  218. passworrrrrrrrd.
  219. ^D
  220.  
  221. Generate new password
  222. zx2c4@laptop ~ $ pass generate Email/jasondonenfeld.com 15
  223. The generated password to Email/jasondonenfeld.com is:
  224. $(-QF&Q=IN2nFBx
  225.  
  226. Generate new alphanumeric password
  227. zx2c4@laptop ~ $ pass generate -n Email/jasondonenfeld.com 12
  228. The generated password to Email/jasondonenfeld.com is:
  229. YqFsMkBeO6di
  230.  
  231. Generate new password and copy it to the clipboard
  232. zx2c4@laptop ~ $ pass generate -c Email/jasondonenfeld.com 19
  233. Copied Email/jasondonenfeld.com to clipboard. Will clear in 45
  234. seconds.
  235.  
  236. Remove password from store
  237. zx2c4@laptop ~ $ pass remove Business/cheese-whiz-factory
  238. rm: remove regular file ‘/home/zx2c4/.password-store/Busi‐
  239. ness/cheese-whiz-factory.gpg’? y
  240. removed ‘/home/zx2c4/.password-store/Business/cheese-whiz-fac‐
  241. tory.gpg’
  242.  
  243. EXTENDED GIT EXAMPLE
  244. Here, we initialize new password store, create a git repository, and
  245. then manipulate and sync passwords. Make note of the arguments to the
  246. first call of pass git push; consult git-push(1) for more information.
  247.  
  248. zx2c4@laptop ~ $ pass init Jason@zx2c4.com
  249. mkdir: created directory ‘/home/zx2c4/.password-store’
  250. Password store initialized for Jason@zx2c4.com.
  251.  
  252. zx2c4@laptop ~ $ pass git init
  253. Initialized empty Git repository in /home/zx2c4/.password-store/.git/
  254. [master (root-commit) 998c8fd] Added current contents of password
  255. store.
  256. 1 file changed, 1 insertion(+)
  257. create mode 100644 .gpg-id
  258.  
  259. zx2c4@laptop ~ $ pass git remote add origin kexec.com:pass-store
  260.  
  261. zx2c4@laptop ~ $ pass generate Amazon/amazonemail@email.com 21
  262. mkdir: created directory ‘/home/zx2c4/.password-store/Amazon’
  263. [master 30fdc1e] Added generated password for Amazon/amazone‐
  264. mail@email.com to store.
  265. 1 file changed, 0 insertions(+), 0 deletions(-)
  266. create mode 100644 Amazon/amazonemail@email.com.gpg
  267. The generated password to Amazon/amazonemail@email.com is:
  268. <5m,_BrZY`antNDxKN<0A
  269.  
  270. zx2c4@laptop ~ $ pass git push -u --all
  271. Counting objects: 4, done.
  272. Delta compression using up to 2 threads.
  273. Compressing objects: 100% (3/3), done.
  274. Writing objects: 100% (4/4), 921 bytes, done.
  275. Total 4 (delta 0), reused 0 (delta 0)
  276. To kexec.com:pass-store
  277. * [new branch] master -> master
  278. Branch master set up to track remote branch master from origin.
  279.  
  280. zx2c4@laptop ~ $ pass insert Amazon/otheraccount@email.com
  281. Enter password for Amazon/otheraccount@email.com:
  282. som3r3a11yb1gp4ssw0rd!!88**
  283. [master b9b6746] Added given password for Amazon/otheraccount@email.com
  284. to store.
  285. 1 file changed, 0 insertions(+), 0 deletions(-)
  286. create mode 100644 Amazon/otheraccount@email.com.gpg
  287.  
  288. zx2c4@laptop ~ $ pass rm Amazon/amazonemail@email.com
  289. rm: remove regular file ‘/home/zx2c4/.password-store/Amazon/amazone‐
  290. mail@email.com.gpg’? y
  291. removed ‘/home/zx2c4/.password-store/Amazon/amazonemail@email.com.gpg’
  292. rm 'Amazon/amazonemail@email.com.gpg'
  293. [master 288b379] Removed Amazon/amazonemail@email.com from store.
  294. 1 file changed, 0 insertions(+), 0 deletions(-)
  295. delete mode 100644 Amazon/amazonemail@email.com.gpg
  296.  
  297. zx2c4@laptop ~ $ pass git push
  298. Counting objects: 9, done.
  299. Delta compression using up to 2 threads.
  300. Compressing objects: 100% (5/5), done.
  301. Writing objects: 100% (7/7), 1.25 KiB, done.
  302. Total 7 (delta 0), reused 0 (delta 0)
  303. To kexec.com:pass-store
  304.  
  305. FILES
  306. ~/.password-store
  307. The default password storage directory.
  308.  
  309. ~/.password-store/.gpg-id
  310. Contains the default gpg key identification used for encryption
  311. and decryption. Multiple gpg keys may be specified in this
  312. file, one per line. If this file exists in any sub directories,
  313. passwords inside those sub directories are encrypted using those
  314. keys. This should be set using the init command.
  315.  
  316. ~/.password-store/.extensions
  317. The directory containing extension files.
  318.  
  319. ENVIRONMENT VARIABLES
  320. PASSWORD_STORE_DIR
  321. Overrides the default password storage directory.
  322.  
  323. PASSWORD_STORE_KEY
  324. Overrides the default gpg key identification set by init. Keys
  325. must not contain spaces and thus use of the hexadecimal key sig‐
  326. nature is recommended. Multiple keys may be specified separated
  327. by spaces.
  328.  
  329. PASSWORD_STORE_GPG_OPTS
  330. Additional options to be passed to all invocations of GPG.
  331.  
  332. PASSWORD_STORE_X_SELECTION
  333. Overrides the selection passed to xclip, by default clipboard.
  334. See xclip(1) for more info.
  335.  
  336. PASSWORD_STORE_CLIP_TIME
  337. Specifies the number of seconds to wait before restoring the
  338. clipboard, by default 45 seconds.
  339.  
  340. PASSWORD_STORE_UMASK
  341. Sets the umask of all files modified by pass, by default 077.
  342.  
  343. PASSWORD_STORE_GENERATED_LENGTH
  344. The default password length if the pass-length parameter to gen‐
  345. erate is unspecified.
  346.  
  347. PASSWORD_STORE_CHARACTER_SET
  348. The character set to be used in password generation for gener‐
  349. ate. This value is to be interpreted by tr. See tr(1) for more
  350. info.
  351.  
  352. PASSWORD_STORE_CHARACTER_SET_NO_SYMBOLS
  353. The character set to be used in no-symbol password generation
  354. for generate, when --no-symbols, -n is specified. This value is
  355. to be interpreted by tr. See tr(1) for more info.
  356.  
  357. PASSWORD_STORE_ENABLE_EXTENSIONS
  358. This environment variable must be set to "true" for extensions
  359. to be enabled.
  360.  
  361. PASSWORD_STORE_EXTENSIONS_DIR
  362. The location to look for executable extension files, by default
  363. PASSWORD_STORE_DIR/.extensions.
  364.  
  365. PASSWORD_STORE_SIGNING_KEY
  366. If this environment variable is set, then all .gpg-id files and
  367. non-system extension files must be signed using a detached sig‐
  368. nature using the GPG key specified by the full 40 character
  369. upper-case fingerprint in this variable. If multiple finger‐
  370. prints are specified, each separated by a whitespace character,
  371. then signatures must match at least one. The init command will
  372. keep signatures of .gpg-id files up to date.
  373.  
  374. EDITOR The location of the text editor used by edit.
  375.  
  376. SEE ALSO
  377. gpg2(1), tr(1), git(1), xclip(1), qrencode(1).
  378.  
  379. AUTHOR
  380. pass was written by Jason A. Donenfeld ⟨Jason@zx2c4.com⟩. For updates
  381. and more information, a project page is available on the World Wide Web
  382. ⟨http://www.passwordstore.org/⟩.
  383.  
  384. COPYING
  385. This program is free software; you can redistribute it and/or modify it
  386. under the terms of the GNU General Public License as published by the
  387. Free Software Foundation; either version 2 of the License, or (at your
  388. option) any later version.
  389.  
  390. This program is distributed in the hope that it will be useful, but
  391. WITHOUT ANY WARRANTY; without even the implied warranty of MER‐
  392. CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
  393. Public License for more details.
  394.  
  395. You should have received a copy of the GNU General Public License along
  396. with this program; if not, write to the Free Software Foundation, Inc.,
  397. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  398.  
  399. ZX2C4 2014 March 18 PASS(1)
RAW Paste Data