This is the internal password repository for gopass. Inorder to setup your gopass, see below. For any questions that are not on this page, checkout the gopass documentation.
Also, internet security is becoming more and more of a necessity. Password managers are generally subscription based, but this is FREE. This will hopefully help those who are on the fence of moving to a password manager.
To ensure a secure, modular password solution that is scalable across multiple clients. If you are installing this for personal use, awesome!
Security is important. 'nough said.
There are a few steps. Make sure you have ssh installed, and a active terminal/(admin)powershell/(admin)cmd ready.
Make sure you have a bitbucket account!
There are several ways you can set up go pass:
Install Github for your platform. Make sure you install the bash terminal!
Download for your platform. Windows users, you have a few more steps down in Windows: Additional Steps, sorry :(
The GoPass Binaries, install the latest edition.
(OPT) QT Pass GUI Installer, install the latest edition for your OS.
If you want a bit of control over the app, I always say go for cmd. Not at all nessecary though.
-
Install Homebrew.
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" -
Run the following brew commands.
brew install gpg1 brew install git
This should install the basic homebrew gpg1 package, which is a prereq for gopass. Since I ran into a few issues that would be a bother for most, feel free to install gpg2 gui for MacOSX. If you are daring, run:
brew install gpg2Next, install the following to get gopass installed.
brew tap justwatchcom/gopass brew install gopass
Now, we install basic pass inorder to set up our initial password repo.
brew install pass
-
(Opt) There are a few optional installs: QTPass A visual interface for pass
brew cask install qtpass
Hang in there! You're almost done :D
For a reference of the steps I am listing here, be sure to checkout the full instructions list (after section 2.1 here.
-
Add to the path enviroment variable. Go ahead and add the pat to your installation at Control Panel → System Properties → the Advanced tab → Environment Variables → System variables. Add the following:
c:\windows;c:\utils;c:\Program Files\GNU\GnuPGNow, running the following:
gpg --version
And you should see some lovely configuration items. Wooo!
-
Give yourself a pat on the back, awesome job.
First, we need to add a ssh key to your bitbucket. First, lets create one!
-
Navigate to your ssh folder. If you are on a windows platform, make sure you have git's bash window open.
cd ~/.ssh
-
Generate a new key.
ssh-keygen -t rsa -b 4096 -C "your-bitbucket-email@email.com"Follow the prompts, and name the key whatever you'd like to name it.
-
Create add this key to your agent. First, let's make sure it's running.
eval "$(ssh-agent -s)"
Add add it...
ssh-add -K ~/.ssh/<your key name here>
And paste the public key to our clipbord.
cat ~/.ssh/<your key name here>.pub | pbcopy
Now, if you're on a mac, you will need to add this key to your ssh config. Go ahead and open/create the config file using nano, vim, or whatever terminal editor is your favorite.
vim ~/.ssh/configAnd insert the following:
Host * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_rsa
Awesome. For more information, checkout BitBucket's Instructions. Or, if you love git, here's Git's perspective on key generation.
Now, let's add that shinny new key to our profile. Login to bitbucket, and make your way on over to your profile, which should be located about here:
https://bitbucket.org/account/user/<your user name here>/
Now, select Settings. Under Security, click Ssh Keys. Now, click "Add key", add a label, paste your copied key, and click "Add key" one more time.
Tired of keys? Oh, we have only BEGUN to do the key dance! Now, if you installed GPG correctly, this will be a breeze.
-
Add a key to GPG. We need to add a GPG key. If you already have one created, feel free to dance your way to the dance section.
gpg gen-key
Boom, pretty exciting, right? Follow the prompts, adding your namne, email, and password. Remember this password, it will not be show again. I personally stored my password in LassPass, because I was feeling perticularry cheeky.
Wait, wait, wait... We need to add a base user to pass.
-
Init pass and add base git repo.
pass init <your gpg email> pass git init pass git remote add origin <git ssh uri>
"But how do I git the bloody git ssh uri?! ;D Remember BitBucket? I know right? It's been a while, and I'm sure he's feeling lonely. Let's pay him a visit.
-
Get git URI. Navigate on over to your bitbucket, and boop that "+" to the left of the page. Boop. Now add a repository. I personally recomend naming it pass or password_store, your call. After the repo is created, head back to your account overview, and select the new repo.
-
Add ssh URI, finally. Copy the ssh uri (At the top of the page just underneath "Overview"). It should look something like this:
git@bitbucket.org:<user name>/<repo name>.git
Now run
pass git remote add origin <git ssh uri>
If you are prompted to add the key permanently, allow it ('y' or 'yes' should suffice).
Add a test password
pass insert testAnd follow the prompts to add a password. Let's use oh-so-secure 'password123.' Afterwards, push this key to the repo with
pass git push
Let's make sure that worked:
pass testAfter entering our gpg password (told you we would need it), we should see 'password123.' Woo! If you are unfortunate, sorry D: Add a comment wherever I've posted this, we'll see if we can't get you up and running 👍
Finally! Now for the time we've been waiting for! In that trusty terminal, go ahead and run the following:
gopassWe should see our password added in the last step. WOOOOOOO! Again, if this didn't work, ping me.
One more step, let's enable autosync:
gopass config autopass trueYou should now be able to do some pretty cool stuff, like have gopass search for the path of a password given some text. For example:
gopass insert some/random/path/testerWith our trusty 'password123.' Now, we can simply run:
gopass testerAnd we should get the path of our password, in this case 'some/random/path/tester.'
Now we pass gopass some/random/path/tester:
gopass some/random/path/testerAnd we shoild get 'password123.' Neat, right?
Now, the power of gopass lies in it's ability to intigrate with many, many git password repos. For example, if I had a repo pass-work, and I wanted to add it to gopass, I can add it with:
gopass clone git@example.com/pass-work.git <mount name>
gopass mountsAnd you should see the new mounted password store <mount name> and it's path!
There is so much gopass can do. Checkout gopass and pass for more details and security goodness.
If you installed QtPass, setting it up is a breeze. Open the application, and navigate over to the 'config' button. Press, and navigate over to the profiles tab. Here, you an add password stores for pass to show other than your default repo! Let's go ahead and add your default by clikiung the left most button to "Current password-store." Give it a name as well by selecting the box underneath name.
Now, to get the repo paths, navigate manually acording to your operating system, OR run in terminal/powershell/cmd:
gopass mounts
Which should the lists of all non-default pass stores. For each pass store, copy the path, and add it's profile by the same mehtod with which we added the main/default profile.
Boop ok, and you should see a selector box to the right top of QtPass. You will have to have security clearance to access this store, but if you have followed my instructions, that won't be a problem!
If you'd like access on your phone, Apple users can use passforios, Android Pass Store for android devices. The apps are also available on the Apple App Store and Play Store.
There are even browser intigrations, check them out in the "Compatible Clients" section on passwordstore's page.
There are intigrations that allow the moving of passwords from 1Password, LastPass, KeePass, and several other password managers. See the "Migrating to" section on the passwordstore's page.
This was doen for my personal edification, so feel free to suggess modifications by PMing me (see below). If they are spelling issues, which I can garuentee there are PLENTY, complain about grammar in the comments PM me at the contact info below.
Feel free to translate this piece, just please reference this original piece.
Aweome work to the people over at gopass, pass, gpg, BitBucket, and the hundreds of other places that I cannot recal. Much, much love :) <3
I'll work on throwing a formal reference section shortly, but I'm pressed for time. I could use a bit of an editor anyway. hint hint
HINT HINT
PM me on twitter @dalin_williams or funkeyfreak on github, we'll figure out what's happening. Ping me on linked in if you just wanna grab a coffee (I LOVE COFFEE). Much love, and thanks for reading.
Dalin Williams A Crazy Person