Managing passwords with pass

I've been thinking about dumping LastPass for a while now, especially after it was bought by some company whatever. But the way that LastPass is useful is quite awesome:

  • can generate passwords
  • stores all passwords
  • fill login forms automatically (the best feature for me)

So how can I replace it with something with at least similar functionalities but under my control?

The answer to that is pass. It stores the passwords as encrypted text with GPG on the local filesystem. The feedback was so good that other people started using it and developed more resources for it, as a GUI and a Firefox extension <>_.

I'll describe how I managed to set it up.


First, let's set up the GPG key:

sudo apt-get install gpgv2

and generate a key:

gpg --gen-key

If the key process takes it too long because of the entropy generation,

We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy! (Need 210 more bytes)

install the rng-tools:

sudo apt-get install rng-tools

and generate entropy using the command

sudo rngd -r /dev/urandom

to generate enough entropy for GPG.


So now let's install pass:

sudo apt-get instal pass

and create a password store:

pass init <email used to generate the GPG key>

You can now start adding passwords. As I said, I used LassPass heavily, so I had tons of passwords stored. To convert them I exported on LastPass my passwords to a CSV and used this tool to import the passwords to pass. I now could access all my passwords from the command line.

pass with git

But one of the nicest things about Lastpass is be able to synchronize the passwords over the web. pass can manage the passwords as a git repository, so that's the route I chose. After importing the passwords I initialized the password store as a git repository:

pass git init

Now the changes on the password file would be automatically commited. Using my meta array account on SDF, I created a bare remote repository on it (git init --bare) and added as a remote repository on my pass folder:

pass git remote add origin

where the bare git repository is at ~/git/pass. After that a simple

pass git push -u --all

commited all passwords to the repo.

Alternatives to access the passwords

There is a Firefox extension that can access the stored passwords. It's almost as good as Lastpass, but only for Firefox.

Last posts

  1. Proper way to run PySpark on a Jupyter Notebook

    tags: environmentdata sciencepysparkjupyter

  2. Address normalization with Python and NLTK

    tags: data scienceNLPtext mining

  3. Basic Python Setup for Data Science on Linux

    tags: datasciencepython

  4. Too many tools, not enough carpenters (short version)

    tags: data sciencetools

  5. From Maple to Spark

    tags: toolsmaplescientific softwarepythonspark