Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mihaigalos/pass

🔑 YubiKey-sealed Secrets-as-Code for git.
https://github.com/mihaigalos/pass

password-manager yubikey

Last synced: 3 days ago
JSON representation

🔑 YubiKey-sealed Secrets-as-Code for git.

Host: GitHub
URL: https://github.com/mihaigalos/pass
Owner: mihaigalos
License: mit
Created: 2022-05-08T07:47:53.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-05-22T19:15:38.000Z (6 months ago)
Last Synced: 2024-05-22T20:31:46.527Z (6 months ago)
Topics: password-manager, yubikey
Language: Just
Homepage:
Size: 44.9 KB
Stars: 32
Watchers: 3
Forks: 0
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# pass

YubiKey-sealed Secrets-as-Code for git.

`pass` runs in the command line.

![example](screenshots/pass.gif)

## Why?

Online password managers have already reached maturity, however `git` can be used to store encrypted passwords and files just fine.

The i.e. GitHub repo containing them can be private.

## How?
Leveraging [`age`](https://github.com/C2SP/C2SP/blob/main/age.md), one can use private-public keypairs for encryption of data for multiple such keys (recipients).

The private part is directly storeable on a YubiKey. Users are asked for a PIN for additional security.

## Installation

OS: Linux.

Prerequisites:
* [`just`](https://github.com/casey/just) in `$PATH`.
* Run `just install `.

## Usage

```bash
$ just pass add mysecretname # Asks for a password, encrypts it to a file "mysecretname" and commit+pushes it to the secrets repository.
$ just pass add_file $(realpath mysecretfile) # Encrypts the given file (needs full path) and commit+pushes it to the secrets repository.
$ just pass mysecretname # Decrypts the secret file "mysecretname".
$ just pass list # list all known passwords. Feeds to fzf if installed.
```
Additionally, you can set an alias to get access to the functionality from any path in the shell:
```bash
$ echo 'alias pass="just --justfile ~/git/pass/Justfile pass"' >> ~/.bashrc
$ pass mysecretname # Prints the secret
```

## Randompass

If you wish, you can generate a new random password directly:
```bash
$ just pass random mysecretname
```

And of course you can use it with the above alias:
```bash
$ pass random mysecretname # Encrypts a random password to a mysecretname and commit+pushes to the secrets repository.
$ pass mysecretname # Prints the secret.
```

If `xclip` is installed, the contents of the random password are automatically placed in the clipboard.

# Acknowledgements

`pass` is just a thin wrapper around the following awesome technologies:

* [`YubiKey`](https://www.yubico.com/products/yubikey-5-overview/) - Strong hardware encryption.
* [`age-plugin-yubikey`](https://github.com/str4d/age-plugin-yubikey) - YubiKey plugin for `rage`.
* [`rage`](https://github.com/str4d/rage) - a Rust implementation of the `age` spec.