{"id":23104483,"url":"https://github.com/aviau/gopass","last_synced_at":"2025-12-14T23:37:31.308Z","repository":{"id":28912229,"uuid":"32437162","full_name":"aviau/gopass","owner":"aviau","description":"pass implementation in Go","archived":false,"fork":false,"pushed_at":"2022-11-19T02:20:33.000Z","size":402,"stargazers_count":23,"open_issues_count":3,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-16T16:44:08.158Z","etag":null,"topics":["git","go","gpg","password-store"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aviau.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-18T04:07:45.000Z","updated_at":"2025-05-31T22:51:39.000Z","dependencies_parsed_at":"2023-01-14T13:44:18.046Z","dependency_job_id":null,"html_url":"https://github.com/aviau/gopass","commit_stats":null,"previous_names":["reazem/gopass"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/aviau/gopass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aviau%2Fgopass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aviau%2Fgopass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aviau%2Fgopass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aviau%2Fgopass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aviau","download_url":"https://codeload.github.com/aviau/gopass/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aviau%2Fgopass/sbom","scorecard":{"id":218104,"data":{"date":"2025-08-11","repo":{"name":"github.com/aviau/gopass","commit":"e7848a2eb725a1bf70423848a20490bfb9ae8c86"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/tests.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/aviau/gopass/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/aviau/gopass/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/aviau/gopass/tests.yaml/master?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: COPYING:0","Info: FSF or OSI recognized license: GNU General Public License v3.0: COPYING:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T02:00:26.921Z","repository_id":28912229,"created_at":"2025-08-17T02:00:26.921Z","updated_at":"2025-08-17T02:00:26.921Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27739315,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-14T02:00:11.348Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","go","gpg","password-store"],"created_at":"2024-12-17T00:35:25.281Z","updated_at":"2025-12-14T23:37:31.288Z","avatar_url":"https://github.com/aviau.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gopass\n\n[![GoDoc](https://godoc.org/github.com/aviau/gopass?status.svg)](http://godoc.org/github.com/aviau/gopass)\n\n\n[Pass](http://www.passwordstore.org/) implementation in Go.\n\nPassword management should be simple and follow Unix philosophy. With ``gopass``, each password lives inside of a ``gpg`` encrypted file whose filename is the title of the website or resource that requires the password. These encrypted files may be organized into meaningful folder hierarchies, copied from computer to computer, and, in general, manipulated using standard command line file management utilities.\n\n``gopass`` makes managing these individual password files extremely easy. All passwords live in ``~/.password-store``, and gopass provides some nice commands for adding, editing, generating, and retrieving passwords. It's capable of temporarily putting passwords on your clipboard and tracking password changes using git.\n\n## Motivation\n\nI love the ideas behind the original pass implementation, but I found that the codebase didn't match the simplicity of the design.\n\n## Project Status\n\nThis section was just added so that I could get an idea of where I am at.\n\n### ``gopass init``\n\n- [X] Creates a folder and a .gpg-id file\n- [X] Support ``--path`` option\n- [X] Support multiple GPG ids\n- [X] Re-encryption functionality\n\n### ``gopass insert``\n\n- [X] ``gopass insert test.com`` prompts for a password and creates a test.com.gpg file\n- [X] Multi-line support\n- [X] Create a git commit\n- [X] Prompt before overwriting an existing password, unless --force or -f is specified.\n- [ ] When inserting in a folder with a .gpg-id file, insert should use the .gpg-id file's key\n\n### ``gopass show``\n\n- [X] ``gopass show test.com`` will display the content of test.com.gpg\n- [X] ``--clip, -c`` copies the first line to the clipboard\n- [ ] ``--clip, -c`` clears after a while\n- [X] ``--password``, and ``--username`` options.\n\nAccepted format:\n```\n\u003cthe_password\u003e\nlogin: \u003cthe_login\u003e\nurl: \u003cthe_url\u003e\n```\n\n### ``gopass connect`` (or ``ssh``)\n\nThis new command should connect to a server using an encrypted rsa key.\n\n### ``gopass ls``\n\n- [X] ``gopass ls`` shows the content of the password store with ``tree``\n- [X] ``gopass`` invokes ``gopass ls`` by default\n- [X] ``gopass ls subfolder`` calls tree on the subfolder only\n- [ ] Hide .gpg at the end of each entry\n- [X] First output line should be ``Password Store``\n\n### ``gopass rm``\n\n- [X] ``gopass rm test.com`` removes the test.com.gpg file\n- [X] ``gopass remove`` and ``gopass delete`` aliases\n- [X] ``gopass rm -r folder`` (or ``--recursive``)  will remove a folder and all of it's content (not interactive!)\n- [X] Ask for confirmation\n\n### ``gopass find``\n\n- [X] ``gopass find python.org test`` will show a tree with password entries that match python.org or test\n- [X] Accepts one or many search terms\n\n### ``gopass cp``\n\n- [X] ``gopass cp old-path new-pah`` copies a password to a new path\n- [X] Dont overwrite\n\n### ``gopass mv``\n\n- [X] ``gopass mv old-path new-path`` moves a password to a new path\n- [X] Dont overwrite\n\n### ``gopass git``\n\n- [X] Pass commands to git\n- [ ] ``gopass git init`` should behave differently with an existing password store\n- [ ] Add tests\n\n### ``gopass edit``\n\n- [X] ``gopass edit test.com`` will open a text editor and let you edit the password\n\n### ``gopass grep``\n\n- [X] ``gopass grep searchstring`` will search for the given string inside all of the encrypted passwords\n\n\n### ``gopass generate``\n\n- [X] ``gopass generate [pass-name] [pass-length]`` Genrates a new password using of length pass-length and inserts it into pass-name.\n- [X] ``--no-symbols, -n``\n- [ ] ``--clip, -c``\n- [ ] ``--in-place, -i``\n- [X] ``--force, -f``\n- [X] Prompt before overwriting an existing password, unless --force or -f is specified.\n\n## Note\n\n- This isn't [gopass.pw](https://www.gopass.pw/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faviau%2Fgopass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faviau%2Fgopass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faviau%2Fgopass/lists"}