@jasonm23
Last active September 10, 2022 14:15
Setting up Pass on Mac, Firefox and Android.

Password Store (pass) on Mac, Firefox and Android

A quick word on OPSEC.

Completed the initial setup of pass on macOS Big Sur, this is after Bitwarden locked me out for half a day because apparently I had "network issues", but that seems highly doubtful.

Anyway that shook my faith in Bitwarden, so I searched for an alternative and I'm pretty happy with pass. It's simple, no-nonsense. In a nutshell it's a front end for a git repo + gpg to handle encryption.

Basically if your client side can reach/interact with a git repo and works with GPG (2.2 for Android/OpenKeychain, see below) we're in business.

To install pass and be able to pick the correct GPG version, we have to install it manually, but no worries, it's a shell script.

git clone https://git.zx2c4.com/password-store
cd password-store

To avoid macOS permissions getting in your way, we just set $PREFIX to /usr/local. (The Makefile defaults to PREFIX=/usr.)

PREFIX=/usr/local make install 

Once that's done we set up pass...

pass init "GPG KEY ID"

Wait you got a GPG key ID right? No?! Ok... pause, let's install GPG.

brew install gnupg@2.2
brew link gnupg@2.2

If you already have a GnuPG binary installed, make sure pass is only talking to v2.2 (edit your PATH, or pass's shell script, to make sure it's only using gpg 2.2).

Check that...

gpg --version

If it's 2.2.x we're good, if not, fix that.

Also install the GPG-tools, make sure you have a GUI Pinentry for GPGKey pass-phrase entry.

Assuming we're ok, create a key.

gpg --full-generate-key

Then we export the key for use with pass.

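# Despite its name, gpg.pub.key holds the exported *secret* key.
gpg --armor --export-secret-keys YOUREMAILADDRESS > gpg.pub.key
gpg --armor --symmetric --output key.sec.asc < gpg.pub.key
# key.sec.asc is the passphrase-wrapped copy used on the phone later; remove gpg.pub.key once it exists.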

Now list the keys

gpg --list-keys

Which will output something like:

/Users/you/.gnupg/pubring.kbx
-------------------------------
sec   ed21519 2022-05-26 [SC]
      E5E395663938FC536482922C223A48BC0D6C6841
uid           [ultimate] Your Name <you@gmail.com>
ssb   cv12319 2022-05-26 [E]

Your key ID will be where E5E395663938FC536482922C223A48BC0D6C6841 is.

So, back on track...

pass init E5E395663938FC53648NOTTHISTHOUGHYOURGPGKEYID2922C223A48BC0D6C6841

We have a password store!

pass git init

Now it's a git repo... Assuming you know how to get a new git repo online.

pass git remote add origin git@host.com:name/repo.git

Now we can manually add things to pass. Go read the man page: man pass

To import from Bitwarden there's pass-import. It was non-obvious to install, so:

cd ~/.password-store
mkdir .extensions
cd .extensions

wget https://github.com/roddhjav/pass-import/releases/download/v3.2/pass-import-3.2.tar.gz
tar xzf pass-import-3.2.tar.gz
cd pass-import-3.2
python3 setup.py install

cd ~

Assuming Python 3.10 and pip are installed, you're fine.

Check the docs for other pw managers at https://github.com/roddhjav/pass-import

For Bitwarden, export the vault to JSON from there, and with the file we do:

pass import bitwarden ~/path-to-bitwarden.json

Ok, let's check they're all in ...

pass list

You should see all the items from Bitwarden...

So, let's push that stuff to your PRIVATE git repo, it's obviously encrypted too, but please.

pass git push

You may have guessed, but anything after pass git is just regular old git commands, so do what you need to.
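
Before the push above, it is worth confirming that everything in the store directory really is ciphertext. The following shell functions are an added example (not from the gist or from pass itself); they flag files that do not look like OpenPGP messages, including leftovers such as the pass-import tarball downloaded under .extensions or a Bitwarden JSON export copied into the store. The function names and the sample store contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the gist. Lists files in a pass store that are not
# OpenPGP ciphertext so they can be reviewed before `pass git push`.

# Heuristic: a binary OpenPGP packet starts with an octet whose high bit is set;
# an ASCII-armored message starts with a BEGIN PGP MESSAGE line.
is_openpgp() {
    first=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    [ -n "$first" ] && [ "$first" -ge 128 ] && return 0
    head -n 1 "$1" | grep -q '^-----BEGIN PGP MESSAGE-----'
}

# Prints one line per file that should not be pushed as-is.
audit_store() {
    store=${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}
    find "$store" -type f ! -path "$store/.git/*" | while IFS= read -r f; do
        rel=${f#"$store"/}
        case $rel in
            .gpg-id|*/.gpg-id|.gitattributes) ;;          # pass's own metadata
            *.gpg) is_openpgp "$f" || echo "NOT-CIPHERTEXT $rel" ;;
            *)     echo "UNEXPECTED $rel" ;;
        esac
    done
}

# Constructed sample store (all contents are made up) for trying the audit.
make_sample_store() {
    d=$(mktemp -d)
    mkdir -p "$d/.git" "$d/email" "$d/bank" "$d/.extensions"
    echo '[core]' > "$d/.git/config"
    echo 'PLACEHOLDER-KEY-ID' > "$d/.gpg-id"
    printf '\205\001\014constructed' > "$d/email/example.gpg"   # packet-like header
    echo 'constructed plaintext' > "$d/bank/site.gpg"           # wrong: not encrypted
    echo '{}' > "$d/bitwarden-export.json"                      # leftover export
    echo 'x' > "$d/.extensions/pass-import-3.2.tar.gz"          # downloaded tarball
    echo "$d"
}

# Usage: audit_store                          (audits ~/.password-store)
#        audit_store "$(make_sample_store)"   (audits the constructed sample)
```

pass encrypts file contents only: entry names are file and directory names in the repo and stay readable to anyone who can access it.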

Firefox

So getting things working with Firefox requires the PassFF extension. Install it through the Firefox extensions store.

We also need to install the passff host so do this...

curl -sSL https://github.com/passff/passff-host/releases/latest/download/install_host_app.sh | bash -s -- firefox

Restart Firefox and you'll be able to access the passwords. It's an ok extension, I need to use it more to see if there are issues. Passwords can be found, copied, filled in, added, sync'ed, etc.

Mobile

Android.

Next we need to get the key.sec.asc file we made earlier, and an SSH key for access to the git repo, onto your phone/device.

First let's install OpenKeychain-Android

Setup just needs to import the key.sec.asc we generated earlier.

That should be fine, if not refer to the docs.

Now install Android-password-store and set it up. We need to tell it where the git repo is and give it an ssh key.

And we're done... do a refresh from Android password store, and you should be happy.

Note: New items will need you to git push, if you add them from the command line, but passFF and Android-password-store do that automatically for you.

iOS.

This was similar to Android, however the app has solid instructions, so just follow them: PassForiOS Startup Guide. You will need to get keys sent to the device... !!!DO NOT!!! SEND KEYS VIA EMAIL!!!!

Instead, install a Terminal and SSH client on the iOS device (I used Blink) and scp from the machine where the GPG keys are to the iOS device.

Pinentry

You'll need to unlock the password store using the GPG Key passphrase.

brew install pinentry-mac

That should be all you need to do to get GPG key passphrase prompts in the macOS GUI. Mind you, I've had to unlock in the terminal a couple of times though.
