How to Use Pass Which Is a Command Line Password Manager

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey there Victor dakas here in this video we're going to go over using a command line password manager called pass it's available on multiple districts of Linux wsl2 Mac OS and more personally I've been using it for about seven years now and I have over 300 different passwords API Keys licenses config files and other secrets that I want to encrypt it all uses gpg key pairs under the hood here to do the encryption and decryption it's fully offline so your secrets and vaults or whatever are not going to be stored anywhere and since it's all just text files and directories it is compatible with get you can actually initialize a pass directory with or without it so if you wanted to sync it up somewhere you could totally do that and again since there's just text files like if you just want to drop that onto like an external drive locally or something like that you are good to go to do that so throughout this video we're going to go over installing and using pass initializing it playing around with a whole bunch of different commands here but before I jump into that and know this is not going to be an advertisement we're actually just going to look at some of the output here so you can get a better sense of how this tool Works in like one minute instead of you know me running some commands and and demoing it out here and it is a command line tool but it does have optional extensions for different browser plugins and things like that I personally just exclusively use it from the command line so that's what we're going to focus on in this video but in this page here with a link this is their official documentation now I'll link to here and they have some links for different other extensions if you want to you know integrate it with Alfred on Mac OS and some other stuff as well so yeah you can just run past here and it is going to Output all the entries that you have so since everything is just a file on disk with direct reason you can categorize these however you want you can kind of get this nice little tree view of the output here and then yeah if you want to get a specific password or secret for a specific entry here you can see you can just put in the path and what's really cool too is you do get some shell completion here so you can tap complete all the stuff here so in this case you know we want to get our password for email and then it's going to Output the password there now in my day-to-day I tend to use this next example here where I put the dash C flag in which is going to just copy this password right to your clipboard here and then it disappears from your clipboard in 45 seconds and you know whatever you had there previously will be put back on the clipboard this is really nice because it prevents outputting your password to standard out here you know nobody's going to see in the terminal if someone's like you know over your shoulder but more conveniently how I end up using this in my day-to-day is like you know let's say go to a website and my password isn't being Auto filled or saved in my browser well I just drop into the command line put in the entry like this and now it's copied to my clipboard so I can just paste it in and we are good to go what's really nice though is it also supports this idea of multi-line entries so you know in this case we are just retrieving a specific line here that's one line long and when you insert a password here or a token or whatever you want to save here you know you just do pass insert you know put the path in whatever and then yeah it is going to prompt you to put in whatever password that you want for and it gets saved and when you do something like the dash C flag is going to grab the first line of whatever you inserted so with multi-line you know you can have an I don't know if they actually show an example we're going to see in a couple minutes here but uh with multi-line you know you may want to save something like an API key pair that has maybe like a public key and private key component you know quite a few different Services have that or maybe you just have a config file that you want to save like you know I've got my Pi Pi config file that's like 15 line lines long and there has a couple different tokens in there well multi-line is perfect for that because it'll just save the whole thing as one entry and you can combine that with their C here and that is just going to pull out the the first line of whatever is in there so typically you know if I have something like a website that I sign up to and I also have API Keys associated with it well then maybe I'll add the whole entry together but on the first line I'll make sure to have my password to log into the site here and then everything else will go below that so really you can do whatever you want here again just text files another neat little feature too is that pass can randomly generate a password for you if you want to you can just do pass generate you know for whatever entry that you want put in how many characters that you want I don't know what it defaults to we'll look at the Man pages later but then it's going to actually create the entry for you with like inserting but you don't need to even put in the password it's going to generate one for you and you can even pass in some different flags it generates to just deal with like maybe you just want to have a specific character set Like A to Z with numbers maybe you don't win any special characters in there you can do that here yeah perfect rate no symbols done you can also remove stuff with RM blah blah blah okay cool you know we're gonna get into all this stuff not important now but yeah if you want to download it though you can download it using the instructions here for whatever distro or average system that you have here you know I've just app installed it into my wsl2 setup here but you can see with Max you can do a brew install or whatever maybe other package managers are available you can also just grab the tire ball over here as well you know it's also available on git so if you want to clone it mess around with it yeah go check it out but yeah you know down here somewhere you know there are different extensions for this tool and different clients so there is a chrome plug-in here and some other plugins as well for Alfred whatever if you're using Mac OS there cool and then also there is a d manuscript as well for Native Linux users if ever go native Linux eventually then I will probably be using this because I have used D menu in the past and it's quite nice but yeah that's about it for the high level overview you know let's jump into this tool and actually start playing around with it now everything is encrypted but it's still interesting because I wouldn't want to show necessarily all the sites that I've been to and have passwords for for example if we go back over here you know if I just ran this against my main password manager for pass like the directory where I've initialized things for you're going to see literally like every account I have and like it's going to leak all sorts of different things so what's really neat about this tool though is it supports this one environment variable uh do I even have it available off the top of my head nope we're going to go straight into the main Pages here uh Man passed there so it but it's somewhere down here um yeah cool okay so there's a whole bunch of different environment variables that you can set this is the one step that you're probably not going to want to do when you follow along but this is the only different thing here so I just want to customize where the uh pass tool is going to install let's like basically initialize itself too because it will by default drop a password store directory in your home directory that's completely fine that's where I have my normal stuff saved here but I do not want to mess around with that one here on video so I'm just going to export this to I don't know like a temp directory right uh okay let's go with temp like pass demo I guess past demo done so now when I run any commands with pass it is going to operate in this brand new directory here that I'm going to throw away after this video here so the first thing we need to do here though is initialize and I'm assuming you've you know maybe install things if you're following along already depending on what operating system that you have you need to initialize this password store directory and there's a couple of different ways to do this so when you do pass a knit this is going to just create a new directory make some files that it needs to have created but you can also do a pass get init which is going to make it a get repository as well and you know you don't need to push it somewhere but if you do the pass get in it then and I guess we'll look at both although personally I just use the get init one here uh what do I need to do oh yeah you have to put in your gpg keep here ID duh okay so in my case mine happens to be just my email address so you'll want to pop in whatever you want and the reason I said there I knew it because it tells me right there so yeah let's do that okay cool so we can see it's been initialized to this temp directory here not screwing around with my main one here nice and uh yeah what I was saying before about initializing with get like every single time you make a modification to your password store like if you add something remove something or whatever it will make a separate git commit for you and you know you can then choose to add a git remote and push it somewhere if you want but that pushing stuff is optional maybe you know if I were to rewind time back seven years potentially I would put it and get just because it's a little little bit more convenient for being able to get the old versions of maybe some of your passwords that could be kind of Handy to know like oh I just changed my password to this like it would be nice to see what the previous version was like two years ago or something like that if I ever wanted to because then you can just check out that commit and and go and look at it there so we've got things things initialized here and if you just run past with no arguments and I think past LS is maybe an alias to that one uh there's nothing here so we haven't added any passwords yet so let's do the most basic case here and maybe just insert a new password here and I don't know you can name these things whatever you want like personally I just go with sites here which is where basically all of my websites are and you can also have subdirectories too and you know you don't you need to use capitals I just tend to use capitals for directories only with this tool because it's a nice distinction between what's a directory and what's an actual file uh but yeah let's just go with like example.com here and you can see it is going to create that directory here because again just uh in fact I think it might even be a shell script I haven't looked at the source code in a while but I'm pretty sure it is but here and you know now we can just type in our password and then confirm it I literally just use the password to password which we're about to find out now because now if I just glue past you know sites example.com here it is going to Output that as that and then also you know going back to what we said before with the dash C you know you can just do this and now if I actually uh paste into my terminal here I just paste into my password and that's it pretty nice and let's say that you know you put your password in maybe incorrectly or uh maybe you try to generate a password but you did it beforehand using the past tool but the site says like oh you need to have like special characters or whatever or something like that uh you can just do this and uh well actually sorry about that you can do insert again and insert will just ask you if you want to override an existing one so if you do want to override it then you can just you know put in whatever you want here let's go with password this time I added an exclamation point here at the end so now if we go and retrieve this one well we will see that there's an exclamation point you know you didn't see me type it but uh yeah that's basically that now there's other little things you can do too like for example if you don't want this password here anymore you can do an RM there to delete it I'm just going to control C out of that one because you know this is kind of our working example for the video didn't want to delete that one right there but um yeah let's take a look here using multiple lines because it does work in kind of an interesting way nothing too crazy but you know let's say like you know my site.com or whatever let's let's do a different category right like uh AP I like pie.org or something you know like you know maybe it's a multi-line configure so when you do this then um you know it's still going to create this like normal and it gives us some pretty good instructions here right like basically we just hit Ctrl D when we're finished but you know you may choose to put like I don't know if there's like a website component on this one like you know like hello one two three like that's my super secure password but then I'm just hitting enter here normally on the keyboard and you may be like you know API like blah blah blah and maybe like private key like you know whatever you know the values happen to be you know you can just keep adding and adding and adding whatever you want and then when you're done you just do control D and that's it so now if we go and we go to retrieve this one over here we can see that is going to just dump whatever you put in there which is pretty nice um yeah I mean I have some more lower Tech clients where I know I have an assortment of things for them like different email passwords and like you know cloud provider stuff and I don't want to make individual entries for all those little things so I kind of just treat it as like um you know like a text file and then they're all encrypted there so that's why I say things like this and uh you know going back to this which I see you know this is going to copy uh just the hello one two three here to the to the clipboard here you know if it's a multi-line file we just see that now there's all sorts of other different commands that you can run to as well like for example you can do pass generate right like we saw before like let's just go with like another site.org this time uh this is going to generate the actual entry for you and give you the password back immediately like this if you do generate I think with Dash C then it is going to just copy that straight to the clipboard so let's just I'm gonna put like a one two three in here or something so we have something unique and we can see right away if I paste it here this is a new password that was to my clipboard you know it's expected that it doesn't match here because this actually generated a completely separate entry here I do not use this password generate feature that that often um but now that I'm kind of playing around with it it is not too bad because I've done videos about this one in the past where I've made like this Alias to create a password of whatever size that you want like I don't know let's say like 30. um and then that just copies that to my clipboard and then I can just pay taste it so I sort of kind of like just having the password component decoupled from generating I really wish that this generate command allowed me to do something like like no output or like something that wouldn't create the actual entry um but whatever you know if you want to use this you can and there are quite a few different options for Generate here let's take a look here at the Man pages I don't know them all off the top of my head here because I simply just don't use that command all the time but you can see like no symbols that's just gonna you know a disease or thread straight to the clipboard you could force things and you can also put in the length here and in place I guess will be described over here somewhere uh if in place or I have specified do not interactively prompt and only replace the first line of the password with the new generated password yeah I guess maybe you can do this one like if you wanted to update your password it will just go and regenerate and possibly uh do that let's actually see how that one works because um yeah okay so pass over here we've already got this one actually before I generate that you know what let's check it out what it even is like another site123.org so it starts with uh greater than less than okay great I don't know what is up is my up Arrow actually broken like I'm not powering I don't know if you can hear that but it is not doing anything which is a little bit concerning but it's clearly working because I'm going up down up down up down so for whatever reason my shell history is totally broken that's cool um yeah so what are we doing here we are generating a new one with Dash I and just seeing what that output is okay so let's do Dash I here and let's not copy to there and we'll see did it just override this one uh if we now my God I have to type this again okay uh yeah are we gonna get the one that starts with the Y now yeah cool so in place update that's pretty handy actually you know if you want to just change your password for an existing thing um without being interrupted with like an interactive prompt nice okay so let's actually see what else that we can play around here you know we mentioned like the RM command to remove stuff and LS is kind of just an alias for running it without things like rep and find and I think searches are all different aliases here yeah so what's pretty nice about this one is like if you do search like sites or something like that then you'll just see all the different sites there and technically though you know this is going to be all of them so you can imagine how grep Works where you can just filter things out so like if I wanted to do a search for uh or let's go with um you know cert like find this time instead of using search you know I can just do Pi Pi like this and it's only going to return back this one here kind of nice just avoids you having to pipe something into grep to do that manually uh I don't use that a ton but it's available which is kind of nice to know here you know we went over things like inserting you can edit things as well if you just want to edit your password generate stuff you can RM stuff you can since we're just dealing with command line things here right you can move things if you want to rename it you can copy it and there's some of the get stuff here so yeah let's just play around with like maybe moving something right so if you want to move the API Pi Pi one and by the way like the shell complete is working so I'm hitting Tab and tab here um nice so let's like move that to to I don't know let's maybe move it to sites because maybe you know it's going to have both a way to log in through a password and the config file itself so we can do that and that is going to rename it there and now if we do a pass we can see that the API directory has been cleaned up because there's nothing there that exists anymore and since we move things with the move command it just popped it in over here pretty cool um yeah if you want to copy stuff that's just going to you know just allow you to copy things so if we do sites Pi Pi to if I can type here let's go with sites like another pie pie or something I don't know like I actually do not use the copy command literally the first time I've ever ran it because normally I'm just not copying things I'm making new things but um yeah let's see what happened here yeah so it worked uh exactly how we expected there there I just copied things as we go cool so let's take a look here at some more uh commands that we may want to play around with if ever so yeah no mostly it's just uh basically to get commands after that one um we can see some simple examples here we kind of went over quite a few of these things we can find things we can search for things we can add things we can add things with multiple lines we can generate passwords we know if we want them to be longer or shorter you just put the number after that and it will generate them out you know Dash end flag is only going to give you alphanumerics here pretty handy stuff and then yeah extended a good example here right so you can do a pass get a knit here and then it's going to initialize a new directory as get and then if you want to add the origin you could totally do that and then if you want to push things to that origin you can do this as well let's actually play with the get one I'm not gonna push it anywhere but actually before we get there you guys there anything interesting here to go over so yeah there's the store directory so you can customize things if you'd like you can override the default GPT key identification that you passed in during a knit if you want uh yeah you can adjust the clipboard time kind of neat 45 seconds is the default I haven't really found a need to make that less or more but it's there if you want this could be handy just to generate passwords that are always a specific length that you want like maybe 36 characters or whatever you want maybe you can you know turn that into something where the value of this is dynamically generated to be random between like you know 30 and 50 or whatever that you want here you can also put in a custom character set for the passwords being generated could be interesting I suppose if you'd like yeah and then there's all sorts of different things around extensions and signing keys and other stuff again like you know I don't want to just read demand Pages too you can go and check this stuff out if he wants here but let me go and just blow out this entire directory that we did here past demo why because it's completely temporary and everything's on disk so you know now if you were to be like oh well maybe I'm done using Pass forever that's it you just RMF your directory here and you're good to go but um yeah let's try doing this get a net one now uh just to see what happens here and yes I'll probably need to put in my ID here then no such file or directory pass get init what did I do wrong pass get a knit where a knitting is it a knit get not getting it let's see should that not do that why would that one of the well hold on they're not putting in the ID for getting it so how does it know what id to use there okay well we're going to find out together here so pass get a net like this no such file or directory do you need to make the directory beforehand do when you do it like this one so I didn't do I need to actually like temp past demo oh my God the Opera I was killing me uh past getting it okay yeah okay that makes sense I guess done so now we have a get directory in here and if we go in here and take a look then we have the get directory here with all sorts of different things and uh everything is basically going to operate the same except you're going to get git commission commit messages when we do things so if we do pass insert sites like hello.com or something like that okay pass insert sitesholo.com this didn't work why pass and knit your okay so I guess you have to win it afterwards okay I guess you need to okay I guess I guess getting it is just initializing to get repo but then you still need to initialize um pass itself I think that makes sense that makes sense okay so let's actually do a get show in here and just or get logged and see what we have so far so we've got that so what does that even look like Okay cool so now now I think we're in good shape here so if I do uh pass insert like sites hello.com let's say um of course it doesn't work uh why because recording a video you must run past and knit your GPT ID before you may use the password store pretty sure I just ran that a second ago let me also just do an EnV on pass was it just pass I think it's a scary one to do oh sorry grep pass of course yeah it's past demo and we're in past demo now so why exactly can't uh they do a pass insert again sites hello you must run get pass into Euro all right I'll do it again let's and then I'll wrap it up if this doesn't work um maybe I typo this potentially I wish I could see the up Arrow oh wait error does not have a commit checked out does not have a commit checked out I've actually never seen this error specifically uh maybe I don't know said okay so now is it going to work I don't know let's find out pass insert sites I'm just going to put one here okay cool uh kind of scary in the sense that like I don't really know what I did other than changing in and out of the directory maybe some of the command that maybe one of the commands that I ran modified that directory in such a way where like I just needed to get the refreshed version of it uh yeah but uh yeah let's take a look here at just what was done so we have now added uh something so let's see what the shield looks like before that commits here cool so that didn't just put the password there did it uh let me see because I forgot what literally what password I put in there so uh let's do a get sites one cool so it does put the password unencrypted in the get history I mean if you wanted to see the previous versions of what you had that's nice but I would also think you would need to decrypt those to see them like I kind of expected the encrypted version to be there but I don't wanna it really put the in plain text no I I don't know I feel like maybe I'm using the get functionality incorrectly because if you just push this to GitHub or somewhere then like your password for that entry is going to be in plain text sitting there and that's sort of not a good thing to have happen so uh yeah let's just make pretend that um that didn't happen at all so that said that's kind of a high level rundown of using the pass Tool uh let me know in the comments below if you're going to be using or maybe you're already using it ready like what are some of your best tips for using the Tool uh if you have any questions about anything I'll try to answer the best to my ability in the comments below with that said thanks a lot if you liked the video please give a thumbs up it really does help a lot and I will see you in the next one
Info
Channel: Nick Janetakis
Views: 4,262
Rating: undefined out of 5
Keywords: pass, password manager, command line, terminal
Id: w34xAnNdliE
Channel Id: undefined
Length: 22min 9sec (1329 seconds)
Published: Tue Jun 20 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.