@bpankowski
Last active November 2, 2021 09:47

Installation

Install go (if not already installed)

https://golang.org/doc/install#install

ℹ️ If you are using Linux, remember to add paths in your environment.

In this step, we'll set some paths in your environment. Edit ~/.profile and add at the end these lines:

export GOPATH=$HOME/work
export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin

Install dependencies

https://github.com/gopasspw/gopass/blob/master/docs/setup.md#download-and-install-dependencies

Install gopass

https://github.com/gopasspw/gopass/blob/master/docs/setup.md#installing-from-source

Configuration

Generate GPG key pair

To generate a GPG key pair, follow the gopass documentation.

ℹ️ Remember to send GPG public key and SSH public key (or GitHub username) to password store administrators

  • To export your GPG public key, run the command

    gpg --export --armour user@example.com
    

    Where user@example.com is the email address provided during GPG key creation.

  • The SSH public key is stored at ~/.ssh/id_rsa.pub by default, but it can also be generated from the private key with the command

    ssh-keygen -y -f ~/.ssh/id_rsa
    

    Where ~/.ssh/id_rsa is the path to the SSH private key.

  • Add gopass bash completion to .bashrc

    source <(gopass completion bash)
    

Initialize root local password store

gopass init

Add git password store

ℹ️ Note: You have to have pull and push access to the repository.

gopass clone --sync gitcli git@github.com:codilime/juniper-ci-passwords.git store-name

Where store-name is a local name for this password store.

To check available passwords for this store run command:

gopass store-name

By default, gopass shows passwords, but it can copy them to the clipboard instead. To enable this, run:

gopass config safecontent true
gopass config safecontent --store store-name true

gopass extensions

gopassbridge

A web extension for Firefox and Chrome to insert login credentials from gopass.

https://github.com/gopasspw/gopassbridge

Installation

Pick your preferred browser and install the extension from its dedicated store.

https://github.com/gopasspw/gopassbridge#install-browser-extension

Firefox:

Mozilla Add-on

Chrome:

Chrome Web Store

Connect to gopass

In most cases, it is enough to run gopass jsonapi configure and follow the tutorial.

gopass jsonapi configure

https://github.com/gopasspw/gopassbridge#connect-to-gopass

Quick impression

https://youtu.be/ovOX_xP0d3s

gopass-ui

A graphical user interface to search and manage gopass secrets.

https://github.com/codecentric/gopass-ui

Installation

Download and install the latest release.

Usage

A small tutorial for CLI

Password Storage

Check password storage

List all existing secrets in a storage or path.

gopass storage-name
# or
gopass list storage-name

Sync

Synchronize all local stores with remote.

gopass sync

Password management

Show secrets

This command shows the requested password. If the full path to the secret is not provided, gopass will search for the most reasonable match.

gopass show storage-name/path/secret-name

Add secrets

Add the secret to the storage.

gopass insert storage-name/path/secret-name

Add multiline secrets

Adding -m to insert opens the default editor on your system so that you can enter a multiline secret. It is the best way to keep SSH private keys.

gopass insert -m storage-name/secret-name

Edit secrets

Edit an existing secret.

gopass edit storage-name/secret-name

Remove secrets

Remove an existing secret.

gopass rm -r storage-name/path/secret-name

Copy secret

Copy a secret from one path to another. The path can be in the same or a different storage.

gopass cp storage-name1/secret-name storage-name2/secret-name

Binary files

Gopass provides a secure way to store binary files. For more details go to gopass documentation.

Generate secrets

Generate a new password of the specified length. Optionally, put it on the clipboard and clear the clipboard after 45 seconds. If the secret already exists, gopass will prompt before overwriting the existing password (unless forced). Note that it replaces only the first line of an existing secret with the new one.

gopass generate
# or
gopass generate storage-name/secret-name

Recipients

List recipients

List recipients for all stores.

gopass recipients

Add recipient

Add a recipient to one store. Gopass will prompt you to choose the GPG key and the store.

gopass recipients add

Remove recipient

Remove a recipient from a store.

gopass recipients remove

Additional configuration options

Autosync

Turn on auto synchronization with a git repository.

gopass config autosync true

Safecontent

This option forces gopass to copy secrets to the clipboard instead of showing them in the terminal.

ℹ️ It will also affect gopass-ui.

gopass config safecontent --store storage-name true

Known issues

Problem with getting a public key

Sometimes during sync gopass reports the error Failed to get public key for 0123456789ABCDEF0123456789ABCDEF01234567: exit status 2. It means that a new key was added to the repository and needs to be imported into the local keyring. Gopass should do that automatically. To check that everything went right, you can list recipients or sync again.
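
A check for the situation described above, as an added example (not part of the original gist or of gopass): it lists the recipients in a store's .gpg-id that are missing from the local keyring, so a newly added key can be reviewed before it is imported. It assumes the store keeps one recipient ID per line in .gpg-id and exported keys in .public-keys/<ID>; the function names and the store path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: find store recipients whose public key is not in the local
# GnuPG keyring. Assumed store layout: <store>/.gpg-id (one ID per line) and
# <store>/.public-keys/<ID> (exported public keys).

# Print every recipient ID from <store>/.gpg-id that gpg cannot find locally.
missing_recipients() {
  store=$1
  [ -r "$store/.gpg-id" ] || { echo "no .gpg-id in $store" >&2; return 2; }
  # Strip spaces, tabs and CRs so IDs from files edited on Windows still match.
  tr -d ' \t\r' < "$store/.gpg-id" | while IFS= read -r id || [ -n "$id" ]; do
    [ -n "$id" ] || continue
    # gpg --list-keys exits non-zero when the key is not in the keyring.
    gpg --batch --list-keys "$id" >/dev/null 2>&1 || printf '%s\n' "$id"
  done
}

# For each missing recipient, say whether the store ships a key file for it.
# Nothing is imported here: inspect the key first, then import it yourself.
report_missing() {
  store=$1
  for id in $(missing_recipients "$store"); do
    keyfile="$store/.public-keys/$id"
    if [ -f "$keyfile" ]; then
      echo "$id: key file present; check it with: gpg --show-keys $keyfile"
    else
      echo "$id: no key file in the store; ask the key owner for it"
    fi
  done
}

# Usage (path is an assumption, adjust to your store location):
#   sh check-recipients.sh ~/.local/share/gopass/stores/store-name
if [ "$#" -gt 0 ]; then
  report_missing "$1"
fi
```

Compare the fingerprint printed by gpg --show-keys with the one the key owner gives you before running gpg --import on the file.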
