@funkeyfreak
Last active September 15, 2017 17:22
How to set up a FREE secure online password store

Setting up gopass, a FREE password manager

Or just pass, if you are a horrible person

This is the internal password repository for gopass. In order to set up your gopass, see below. For any questions that are not answered on this page, check out the gopass documentation.

Also, internet security is becoming more and more of a necessity. Password managers are generally subscription-based, but this is FREE. This will hopefully help those who are on the fence about moving to a password manager.

Purpose

To ensure a secure, modular password solution that is scalable across multiple clients. If you are installing this for personal use, awesome!

Security is important. 'nough said.

How do I get set up?

There are a few steps. Make sure you have ssh installed, and an active terminal/(admin)powershell/(admin)cmd ready.

Pre-reqs

Make sure you have a bitbucket account!

There are several ways you can set up gopass:

GUI (Visual) Installers

Install Github for your platform. Make sure you install the bash terminal!

Download for your platform. Windows users, you have a few more steps down in Windows: Additional Steps, sorry :(

The GoPass Binaries, install the latest edition.

(OPT) QT Pass GUI Installer, install the latest edition for your OS.

MAC OSX Install via Homebrew and basic command line tools

If you want a bit of control over the app, I always say go for cmd. Not at all necessary though.

  1. Install Homebrew.

    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" 
  2. Run the following brew commands.

    brew install gpg1
    brew install git

    This should install the basic homebrew gpg1 package, which is a prereq for gopass. Since I ran into a few issues that would be a bother for most, feel free to install gpg2 gui for MacOSX. If you are daring, run:

    brew install gpg2
    

    Next, install the following to get gopass installed.

    brew tap justwatchcom/gopass
    brew install gopass

    Now, we install basic pass in order to set up our initial password repo.

    brew install pass
  3. (Opt) There are a few optional installs: QtPass, a visual interface for pass.

    brew cask install qtpass
Windows: Additional Steps

Hang in there! You're almost done :D

For a reference of the steps I am listing here, be sure to check out the full instructions list (after section 2.1) here.

  1. Add to the path environment variable. Go ahead and add the path to your installation at Control Panel → System Properties → the Advanced tab → Environment Variables → System variables. Add the following:

    c:\windows;c:\utils;c:\Program Files\GNU\GnuPG
    

    Now, run the following:

    gpg --version

    And you should see some lovely configuration items. Wooo!

  2. Give yourself a pat on the back, awesome job.

Add your keys to bitbucket

First, we need to add an SSH key to your bitbucket. First, let's create one!

  1. Navigate to your ssh folder. If you are on a Windows platform, make sure you have git's bash window open.

    cd ~/.ssh
  2. Generate a new key.

    ssh-keygen -t rsa -b 4096 -C "your-bitbucket-email@email.com"

    Follow the prompts, and name the key whatever you'd like to name it.

  3. Add this key to your agent. First, let's make sure it's running.

    eval "$(ssh-agent -s)"

    And add it...

    ssh-add -K ~/.ssh/<your key name here>

    And copy the public key to our clipboard.

    cat ~/.ssh/<your key name here>.pub | pbcopy

    Now, if you're on a Mac, you will need to add this key to your ssh config. Go ahead and open/create the config file using nano, vim, or whatever terminal editor is your favorite.

    vim ~/.ssh/config

    And insert the following:

    Host *
      AddKeysToAgent yes
      UseKeychain yes
      IdentityFile ~/.ssh/<your key name here>

    Awesome. For more information, check out BitBucket's Instructions. Or, if you love git, here's Git's perspective on key generation.

    Now, let's add that shiny new key to our profile. Log in to bitbucket, and make your way on over to your profile, which should be located about here:

    https://bitbucket.org/account/user/<your user name here>/

    Now, select Settings. Under Security, click Ssh Keys. Now, click "Add key", add a label, paste your copied key, and click "Add key" one more time.

Add GPG Key

Tired of keys? Oh, we have only BEGUN to do the key dance! Now, if you installed GPG correctly, this will be a breeze.

  1. Add a key to GPG. We need to add a GPG key. If you already have one created, feel free to dance your way to the dance section.

    gpg --gen-key

    Boom, pretty exciting, right? Follow the prompts, adding your name, email, and password. Remember this password, it will not be shown again. I personally stored my password in LastPass, because I was feeling particularly cheeky.

  2. Do the dance.

Setup GoPass

Wait, wait, wait... We need to add a base user to pass.

  1. Init pass and add base git repo.

    pass init <your gpg email>
    pass git init 
    pass git remote add origin <git ssh uri>

    "But how do I git the bloody git ssh uri?!" ;D Remember BitBucket? I know, right? It's been a while, and I'm sure he's feeling lonely. Let's pay him a visit.

  2. Get git URI. Navigate on over to your bitbucket, and boop that "+" to the left of the page. Boop. Now add a repository. I personally recommend naming it pass or password_store, your call. After the repo is created, head back to your account overview, and select the new repo.

  3. Add ssh URI, finally. Copy the ssh uri (At the top of the page just underneath "Overview"). It should look something like this:

    git@bitbucket.org:<user name>/<repo name>.git

    Now run

    pass git remote add origin <git ssh uri>

    If you are prompted to add the key permanently, allow it ('y' or 'yes' should suffice).

    Add a test password

    pass insert test

    And follow the prompts to add a password. Let's use oh-so-secure 'password123.' Afterwards, push this key to the repo with

    pass git push

    Let's make sure that worked:

    pass test

    After entering our gpg password (told you we would need it), we should see 'password123.' Woo! If you are unfortunate, sorry D: Add a comment wherever I've posted this, we'll see if we can't get you up and running 👍
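Before `pass git push` sends the store to a hosted remote, it is worth confirming that every entry in it really is ciphertext. The script below is an added example, not part of the original gist: it walks a store directory and flags anything that is not OpenPGP data; the function names and the sample store it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): flag files in a pass/gopass store that
# are not OpenPGP ciphertext before the store is pushed to a hosted remote.

# Succeeds if the file starts like OpenPGP data: ASCII armor, or a binary
# packet (every OpenPGP packet tag byte has its high bit set, so >= 128).
# This is a cheap check on the first bytes, not a decryption test.
is_openpgp() {
  if [ "$(head -c 27 "$1" | tr -d '\000')" = "-----BEGIN PGP MESSAGE-----" ]; then
    return 0
  fi
  first=$(head -c 1 "$1" | od -An -tu1 | tr -d ' \n')
  [ -n "$first" ] && [ "$first" -ge 128 ]
}

# Lists every file that would reach the remote unencrypted and returns
# non-zero if any is found. .git and the store's metadata files are skipped.
audit_store() {
  store=${1%/}
  find "$store" -path "$store/.git" -prune -o -type f -print | {
    bad=0
    while IFS= read -r f; do
      case "${f##*/}" in
        .gpg-id|.gitattributes|.gitignore) continue ;;
      esac
      case "$f" in
        *.gpg) is_openpgp "$f" && continue ;;
      esac
      printf 'NOT ENCRYPTED: %s\n' "${f#"$store"/}"
      bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
  }
}

# Constructed sample store: a binary entry, an armored entry, a plaintext
# file hiding behind a .gpg name, and a stray note.
make_demo_store() {
  d=$(mktemp -d)
  mkdir -p "$d/.git" "$d/some/random/path"
  printf 'you@example.com\n' > "$d/.gpg-id"
  printf '\205\001\014\003constructed' > "$d/test.gpg"
  printf '%s\n\n%s\n' '-----BEGIN PGP MESSAGE-----' 'constructed' > "$d/armored.gpg"
  printf 'password123\n' > "$d/some/random/path/tester.gpg"
  printf 'bank pin 0000\n' > "$d/notes.txt"
  printf 'ref: refs/heads/master\n' > "$d/.git/HEAD"
  printf '%s\n' "$d"
}
# Real use: audit_store "${PASSWORD_STORE_DIR:-$HOME/.password-store}"
```

The check covers file contents only: entry paths such as some/random/path/tester are stored as plain file names, so anyone with read access to the repository can see which accounts exist even though the passwords stay encrypted.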

Finally! Now for the time we've been waiting for! In that trusty terminal, go ahead and run the following:

gopass

We should see our password added in the last step. WOOOOOOO! Again, if this didn't work, ping me.

One more step, let's enable autosync:

gopass config autosync true

You should now be able to do some pretty cool stuff, like have gopass search for the path of a password given some text. For example:

gopass insert some/random/path/tester

With our trusty 'password123.' Now, we can simply run:

gopass tester

And we should get the path of our password, in this case 'some/random/path/tester.'

Now we pass gopass some/random/path/tester:

gopass some/random/path/tester

And we should get 'password123.' Neat, right?

Now, the power of gopass lies in its ability to integrate with many, many git password repos. For example, if I had a repo pass-work, and I wanted to add it to gopass, I can add it with:

gopass clone git@example.com:pass-work.git <mount name>
gopass mounts

And you should see the new mounted password store <mount name> and its path!

There is so much gopass can do. Check out gopass and pass for more details and security goodness.

GUI Setup (PC, Mobile, and Browser)

If you installed QtPass, setting it up is a breeze. Open the application, and navigate over to the 'config' button. Press it, and navigate over to the profiles tab. Here, you can add password stores for pass to show other than your default repo! Let's go ahead and add your default by clicking the leftmost button to "Current password-store." Give it a name as well by selecting the box underneath name.

Now, to get the repo paths, navigate manually according to your operating system, OR run in terminal/powershell/cmd:

gopass mounts

Which should list all non-default pass stores. For each pass store, copy the path, and add its profile by the same method with which we added the main/default profile.

Boop ok, and you should see a selector box to the right top of QtPass. You will have to have security clearance to access this store, but if you have followed my instructions, that won't be a problem!

If you'd like access on your phone, Apple users can use passforios, and there is Android Pass Store for Android devices. The apps are also available on the Apple App Store and Play Store.

There are even browser integrations; check them out in the "Compatible Clients" section on passwordstore's page.

Moving to Pass/GoPass

There are integrations that allow the moving of passwords from 1Password, LastPass, KeePass, and several other password managers. See the "Migrating to" section on the passwordstore's page.

Contribution guidelines

This was done for my personal edification, so feel free to suggest modifications by PMing me (see below). If they are spelling issues, which I can guarantee there are PLENTY, complain about grammar in the comments or PM me at the contact info below.

Feel free to translate this piece, just please reference this original piece.

Credit, References, and Stuff

Awesome work to the people over at gopass, pass, gpg, BitBucket, and the hundreds of other places that I cannot recall. Much, much love :) <3

I'll work on throwing a formal reference section shortly, but I'm pressed for time. I could use a bit of an editor anyway. hint hint

HINT HINT

Who do I talk to?

PM me on Twitter @dalin_williams or funkeyfreak on GitHub, we'll figure out what's happening. Ping me on LinkedIn if you just wanna grab a coffee (I LOVE COFFEE). Much love, and thanks for reading.

Dalin Williams A Crazy Person
