Security

How to install a text-based password manager for Linux, Mac, or FreeBSD users

If you want a password manager tool that will work without a GUI, here's a solution that you shouldn't pass on.

Image: iStock/eenevski

Name your favorite password manager. Now, name your favorite password manager that you can run on your headless Linux servers.

Gotcha!

Actually, that's not entirely true. There is a text-based password manager that does a great job of obscuring the storage of passwords, in a text-only file, with pgp encryption. The tool in question is called Pass, and anyone running Linux, FreeBSD, or Mac should give this a try.

Pass stores all passwords in the ~/.password-store, and provides commands for adding, editing, generating, and retrieving passwords. Pass is also capable of temporarily adding passwords to your clipboard, as well as tracking password changes using git.

Let's install Pass on Elementary OS Loki and start using this handy tool.

SEE: Password Management Policy (Tech Pro Research)

Installing Pass

Since you'll find Pass in the standard repositories, installation can be completed with a single command:

sudo apt-get install pass

The above command will install Pass and the necessary dependencies: git, git-man, liberror-perl, pwgen, tree, and xclip.

Using Pass

First, you need to initialize the password store. To do this, you must already have your pgp keys stored on the machine (if you haven't generated pgp keys, do so now). On the machine with Pass installed, open a terminal window (or login, if it's a headless server) and issue the command (GnuPG ID is the ID of the pgp key you want to associate with the password storage):

pass init GnuPG ID

The above command will create the ~/.password-store directory and initialize it for the associated user.

Let's say you want to add a password for a webmin instance on your primary server (we'll call that primary server MONKEYPANTZ). To add this new password to Pass, you issue a command like so:

pass MONKEYPANTZ/webmin

When you enter that command, you will be asked to type the GnuPG passphrase for the associated pgp key. After you authenticate against your key, you will be asked to type and verify the password you want to add for MONKEYPANTZ/webmin.

Say you want to add a password for webmail on MONKEYPANTZ—you can enter the command:

pass MONKEYPANTZ/webmail

If you type the command pass without any arguments, you'll see all the categories and entries for each (Figure A).

Figure A

Figure A

Your stored entries listed.

Let's say you want to view the password for MONKEYPANTZ/webmail; for this, you would type the command:

pass MONKEYPANTZ/webmail

When you hit Enter, you will be prompted for the passphrase for the associated pgp key. Upon successful authentication against that key, your password will be displayed.

You can also automatically copy that password to the clipboard (which has the added bonus of not displaying that password on the screen). Type the command:

pass -c MONKEYPANTZ/webmail

You will see that Pass has copied the password to your clipboard and will make it available for 45 seconds.

Pass can also generate passwords. Say you want to generate a new password for MONKEYPANTZ/Wordpress. To do this, type the command (X is the length of password you want to generate, such as 15 for a 15-character password):

pass generate MONKEYPANTZ/Wordpress X

Passwords can be removed with the command:

pass rm MONKEYPANTZ/Webmin

Passwords can be edited with the command:

pass edit MONKEYPANTZ/Webmin

The above command will open the password in your default editor, where you can change the password as needed.

Security by obfuscation and more

Pass is incredibly simple to use, reliable, secured by pgp, and makes it possible to obfuscate your password manager from prying eyes (most people would be looking for a GUI tool to serve this purpose). I like having Pass available even if only for that last reason...because if someone is going to look for a password manager on my system, the last place they'll probably look is the command line. Until now. ;-)

Also see

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks

Free Newsletters, In your Inbox