{"id":15209583,"url":"https://github.com/ijhack/qtpass","last_synced_at":"2025-05-15T18:03:22.420Z","repository":{"id":19249702,"uuid":"22485068","full_name":"IJHack/QtPass","owner":"IJHack","description":"QtPass is a multi-platform GUI for pass, the standard unix password manager.","archived":false,"fork":false,"pushed_at":"2024-11-26T23:50:58.000Z","size":54861,"stargazers_count":1056,"open_issues_count":133,"forks_count":164,"subscribers_count":42,"default_branch":"main","last_synced_at":"2025-05-15T18:02:51.111Z","etag":null,"topics":["c-plus-plus","git","gpg","password-generator","password-manager","password-vault","qt5"],"latest_commit_sha":null,"homepage":"https://qtpass.org/","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"openstack/openstack-ansible-os_magnum","license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IJHack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"annejan"}},"created_at":"2014-07-31T21:07:58.000Z","updated_at":"2025-04-24T07:22:15.000Z","dependencies_parsed_at":"2023-02-14T11:31:54.961Z","dependency_job_id":"e8841acc-61b0-40d7-89f2-4df4cfa047fe","html_url":"https://github.com/IJHack/QtPass","commit_stats":{"total_commits":2385,"total_committers":158,"mean_commits":"15.094936708860759","dds":"0.39119496855345914","last_synced_commit":"d7cf4237af3932ce0060516a1614041b7ba43954"},"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IJHack%2FQtPass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IJHack%2FQtPass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IJHack%2FQtPass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IJHack%2FQtPass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IJHack","download_url":"https://codeload.github.com/IJHack/QtPass/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254394719,"owners_count":22063984,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-plus-plus","git","gpg","password-generator","password-manager","password-vault","qt5"],"created_at":"2024-09-28T07:41:28.832Z","updated_at":"2025-05-15T18:03:22.385Z","avatar_url":"https://github.com/IJHack.png","language":"C++","funding_links":["https://github.com/sponsors/annejan"],"categories":[],"sub_categories":[],"readme":"# QtPass\n\n[![latest packaged version(s)](https://repology.org/badge/latest-versions/qtpass.svg)](https://repology.org/metapackage/qtpass)\n[![Build status](https://ci.appveyor.com/api/projects/status/9rjnj72rdir7u9eg/branch/master?svg=true)](https://ci.appveyor.com/project/annejan/qtpass/branch/master)\n[![Coverity scan](https://scan.coverity.com/projects/5266/badge.svg)](https://scan.coverity.com/projects/ijhack-qtpass)\n[![Coverage Status](https://coveralls.io/repos/github/IJHack/QtPass/badge.svg)](https://coveralls.io/github/IJHack/QtPass)\n[![codecov](https://codecov.io/gh/IJhack/QtPass/branch/master/graph/badge.svg)](https://codecov.io/gh/IJhack/QtPass)\n[![CodeFactor](https://www.codefactor.io/repository/github/ijhack/qtpass/badge)](https://www.codefactor.io/repository/github/ijhack/qtpass)\n[![Packaging status](https://repology.org/badge/tiny-repos/qtpass.svg)](https://repology.org/metapackage/qtpass)\n[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2FIJHack%2FQtPass.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2FIJHack%2FQtPass?ref=badge_shield)\n[![Translation status](https://hosted.weblate.org/widgets/qtpass/-/qtpass/svg-badge.svg)](https://hosted.weblate.org/engage/qtpass/?utm_source=widget)\n[![QMake Github Action](https://github.com/IJHack/QtPass/workflows/QMake/badge.svg)](https://github.com/IJHack/QtPass/actions)\n\nQtPass is a GUI for [pass](https://www.passwordstore.org/),\nthe standard unix password manager.\n\n## Features\n\n* Using `pass` or `git` and `gpg2` directly\n* Configurable shoulder surfing protection options\n* Cross platform: Linux, BSD, macOS and Windows\n* Per-folder user selection for multi recipient encryption\n* Multiple profiles\n* Easy onboarding\n\nLogo based on [Heart-padlock by AnonMoos](https://commons.wikimedia.org/wiki/File:Heart-padlock.svg).\n\n## Installation\n\n### From package\n\nOpenSUSE \u0026 Fedora\n`yum install qtpass`\n`dnf install qtpass`\n\nDebian, Ubuntu and derivates like Mint, Kali \u0026 Raspbian\n`apt-get install qtpass`\n\nArch Linux\n`pacman -S qtpass`\n\nGentoo\n`emerge -atv qtpass`\n\nSabayon\n`equo install qtpass`\n\nFreeBSD\n`pkg install qtpass`\n\nmacOS\n`brew install --cask qtpass`\n\nWindows\n`choco install qtpass`\n\n[![Packaging status](https://repology.org/badge/vertical-allrepos/qtpass.svg)](https://repology.org/metapackage/qtpass)\n[![Translation status](https://hosted.weblate.org/widgets/qtpass/-/multi-auto.svg)](https://hosted.weblate.org/engage/qtpass/?utm_source=widget)\n\n### From Source\n\n#### Dependencies\n\n* QtPass requires Qt 5.10 or later (Qt 6 works too)\n* The Linguist package is required to compile the translations.\n* For use of the fallback icons the SVG library is required.\n\nAt runtime the only real dependency is `gpg2` but to make the most of it, you'll need `git` and `pass` too.\n\nYour GPG has to be set-up with a graphical pinentry when applicable, same goes for git authentication.\nOn Mac macOS this currently seems to only work best with `pinentry-mac` from homebrew, although gpgtools works too.\n\nOn most unix systems all you need is:\n\n```sh\nqmake \u0026\u0026 make \u0026\u0026 make install\n```\n\n## Using profiles\n\nProfiles allow to group passwords. Each profile might use a different git repository and/or different gpg key.\nEach profile also can be associated with a pass store singing key to verify the detached .gpg-id signature.\nA typical use case is to separate personal and work passwords.\n\n\u003e **Hint**\u003cbr\u003e\n\u003e Instead of using different git repositories for the various profiles passwords could be synchronized with different\n\u003e branches from the same repository. Just clone the repository into the profile folders and checkout the related\n\u003e branch.\n\n### Example\n\nThe following commands set up two profile folders:\n\n```sh\ncd ~/.password-store/\ngit clone https://github.com/vendor/personal-passwords personal \u0026\u0026 echo \"personal/\" \u003e\u003e .gitignore\ngit clone https://github.com/company/group-passwords work \u0026\u0026 echo \"work/\" \u003e\u003e .gitignore\npass init -p personal [personal GnuPG-ID] \u0026\u0026 git -C personal push\npass init -p work [work GnuPG-ID] \u0026\u0026 git -C work push\n```\n\n**Note:**\n\n* Replace `[personal GnuPG-ID]` and `[work GnuPG-ID]` with the ID from the related GnuPG key.\n* The parts `echo ... \u003e\u003e .gitignore` are just needed in case there is a git repository present in the base directory.\n\nOnce the repositories and GnuPG-ID's have been defined the profiles can be set up in QtPass.\n\n### Links of interest\n\n* [Git Tools - Credential Storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage)\n* [Dealing with secrets](https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e)\n* [Git Credential Manager](https://github.com/GitCredentialManager/git-credential-manager)\n* [password-store](https://git.zx2c4.com/password-store/about/)\n\n## Testing\n\nThis is done with `make check`\n\nCodecoverage can be done with `make lcov`, `make gcov`, `make coveralls` and/or `make codecov`.\n\nBe sure to first run: `make distclean \u0026\u0026 qmake CONFIG+=coverage qtpass.pro`\n\n## Security considerations\n\nUsing this program will not magically keep your passwords secure against\ncompromised computers even if you use it in combination with a smartcard.\n\nIt does protect future and changed passwords though against anyone with access to\nyour password store only but not your keys.\nUsed with a smartcard it also protects against anyone just monitoring/copying\nall files/keystrokes on that machine and such an attacker would only gain access\nto the passwords you actually use.\nOnce you plug in your smartcard and enter your PIN (or due to CVE-2015-3298\neven without your PIN) all your passwords available to the machine can be\ndecrypted by it, if there is malicious software targeted specifically against\nit installed (or at least one that knows how to use a smartcard).\n\nTo get better protection out of use with a smartcard even against a targeted\nattack I can think of at least two options:\n\n* The smartcard must require explicit confirmation for each decryption operation.\n  Or if it just provides a counter for decrypted data you could at least notice\n  an attack afterwards, though at quite some effort on your part.\n* Use a different smartcard for each (group of) key.\n* If using a YubiKey or U2F module or similar that requires a \"button\" press for\n  other authentication methods you can use one OTP/U2F enabled WebDAV account per\n  password (or groups of passwords) as a quite inconvenient workaround.\n  Unfortunately I do not know of any WebDAV service with OTP support except ownCloud\n  (so you would have to run your own server).\n\n## Known issues\n\n* Filtering (searching) breaks the tree/model sometimes\n* Starting without a correctly set password-store folder\n  gives weird results in the tree view\n\n## Planned features\n\n* Plugins based on field name, plugins follow same format as password files\n* Colour coding folders (possibly disabling folders you can't decrypt)\n* Optional table view of decrypted folder contents\n* Opening of (basic auth) URLs in default browser?\n  Possibly with helper plugin for filling out forms?\n* WebDAV (configuration) support\n* Some other form of remote storage that allows for\n  accountability / auditing (web API to retrieve the .gpg files?)\n\n## Further reading\n\n[FAQ](FAQ.md) and [CONTRIBUTING](CONTRIBUTING.md) documentation.\n[CHANGELOG](CHANGELOG.md)\n\n[Site](https://qtpass.org/)\n[Source code](https://github.com/IJHack/qtpass)\n[Issue queue](https://github.com/IJHack/qtpass/issues)\n[Chat](https://gitter.im/IJHack/qtpass)\n\n## License\n\n### GNU GPL v3.0\n\n[![GNU GPL v3.0](http://www.gnu.org/graphics/gplv3-127x51.png)](http://www.gnu.org/licenses/gpl.html)\n\n[View official GNU site](http://www.gnu.org/licenses/gpl.html)\n\n[\u003cimg src=\"https://opensource.org/wp-content/uploads/2022/10/osi-badge-dark.svg\" alt=\"OSI-approved license\" width=\"127\"\u003e](https://opensource.org/licenses/GPL-3.0)\n\n[View the Open Source Initiative site](https://opensource.org/licenses/GPL-3.0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fijhack%2Fqtpass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fijhack%2Fqtpass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fijhack%2Fqtpass/lists"}