Password Store (pass) on Mac, Firefox and Android
Completed the initial setup of pass on macOS Big Sur. This is after Bitwarden locked me out for half a day because apparently I had "network issues", but that seems highly doubtful.
Anyway, that shook my faith in Bitwarden, so I searched for an alternative and I'm pretty happy with pass. It's simple, no-nonsense. In a nutshell it's a front end for a git repo + gpg to handle encryption.
Basically, if your client side can reach/interact with a git repo and works with GPG (2.2 for Android/OpenKeyChain, see below), we're in business.
To install pass and be able to pick the correct GPG version, we have to install it manually, but no worries, it's a shell script.
git clone https://git.zx2c4.com/password-store
cd password-store
To avoid macOS permissions getting in your way, we just set
Makefile will default to
PREFIX=/usr/local make install
Once that's done we set up pass...
pass init "GPG KEY ID"
Wait you got a GPG key ID right? No?! Ok... pause, let's install GPG.
brew install firstname.lastname@example.org
brew link gnugpg
If you already have a GnuPG binary installed, make sure pass is only talking to v2.2 (edit the path, or pass's shell script, to make sure it's only using gpg 2.2).
If it's 2.2x we're good, if not, fix that.
Also install the GPG-tools, make sure you have a GUI Pinentry for GPGKey pass-phrase entry.
Assuming we're ok, create a key.
Then we export the key for use with pass.
gpg --armor --export-secret-keys YOUREMAILADDRESS > gpg.pub.key
gpg --armor --symmetric --output key.sec.asc < gpg.pub.key
Now list the keys
Which will output something like...:
/Users/you/.gnupg/pubring.kbx
-------------------------------
sec   ed21519 2022-05-26 [SC]
      E5E395663938FC536482922C223A48BC0D6C6841
uid           [ultimate] Your Name <email@example.com>
ssb   cv12319 2022-05-26 [E]
Your key ID will be where
So, back on track...
pass init E5E395663938FC53648NOTTHISTHOUGHYOURGPGKEYID2922C223A48BC0D6C6841
We have a password store!
pass git init
Now it's a git repo... Assuming you know how to get a new git repo online.
pass git remote add origin firstname.lastname@example.org:name/repo.git
Now we can manually add things to pass; go read the man page...
To import from Bitwarden there's pass-import. It was non-obvious to install, so:
cd ~/.password-store
mkdir .extensions
cd .extensions
wget https://github.com/roddhjav/pass-import/releases/download/v3.2/pass-import-3.2.tar.gz
tar xzf pass-import-3.2.tar.gz
cd pass-import-3.2
python3 setup.py install
cd ~
Assuming Python 3.10 and pip are installed, you're fine.
Check the docs for other pw managers at https://github.com/roddhjav/pass-import
For BitWarden we do an export to JSON from there and with the file we do:
pass import bitwarden ~/path-to-bitwarden.json
Ok, let's check they're all in ...
You should see all the items from BitWarden...
So, let's push that stuff to your PRIVATE git repo. It's obviously encrypted too, but please.
pass git push
You may have guessed, but anything after pass git is just regular old git commands, so do what you need to.
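Before pushing, it is worth confirming that the store holds only ciphertext. The following is an added example, not part of the original post or of pass itself: a shell audit that flags any file in the store that is not OpenPGP-encrypted, such as a stray Bitwarden JSON export or the armored secret-key export gpg.pub.key from earlier. The function names classify_file and audit_store are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-push audit of a pass store.

# classify_file FILE -> prints PRIVATE-KEY, ENCRYPTED or PLAINTEXT
classify_file() {
    local first
    # An armored private key block must never sit in the store.
    if grep -q -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$1"; then
        echo PRIVATE-KEY; return 0
    fi
    # Armored ciphertext (gpg --armor) carries this header.
    if grep -q -e '-----BEGIN PGP MESSAGE-----' "$1"; then
        echo ENCRYPTED; return 0
    fi
    # Binary OpenPGP packets always have bit 7 of the first octet set
    # (RFC 4880, section 4.2); ASCII text never does.
    first=$(od -An -tu1 -N1 "$1" | tr -d '[:space:]')
    if [ -n "$first" ] && [ "$first" -ge 128 ]; then
        echo ENCRYPTED
    else
        echo PLAINTEXT
    fi
}

# audit_store [DIR] -> one "KIND path" line per suspicious file; status 1 if any
audit_store() {
    local store out
    store=${1:-$HOME/.password-store}
    store=${store%/}
    out=$(
        # .git and .extensions (where pass-import was unpacked) hold no entries
        find "$store" \( -name .git -o -name .extensions \) -prune -o -type f -print |
        LC_ALL=C sort |
        while IFS= read -r f; do
            rel=${f#"$store"/}
            case $rel in
                .gpg-id|*/.gpg-id|.gitattributes) continue ;;  # pass metadata
            esac
            kind=$(classify_file "$f")
            case "$kind:$rel" in
                ENCRYPTED:*.gpg) ;;          # what pass itself writes
                *) echo "$kind $rel" ;;      # anything else needs a look
            esac
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run audit_store with no argument to check ~/.password-store; a clean store prints nothing and returns 0. The first-octet test only confirms OpenPGP framing, not which key a file is encrypted to.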
We also need to install the passff host so do this...
curl -sSL github.com/passff/passff-host/releases/latest/download/install_host_app.sh | bash -s -- firefox
Restart Firefox and you'll be able to access the passwords. It's an ok extension, I need to use it more to see if there are issues. Passwords can be found, copied, filled in, added, sync'ed, etc.
Next we need to get the key key.sec.asc we made earlier, and an ssh key for access to the git repo, all somewhere onto your phone/device whatever.
First let's install OpenKeyChain-Android
Setup just needs to import the key.sec.asc we generated earlier.
That should be fine, if not refer to the docs.
Now install Android-password-store and set it up. We need to tell it where the git repo is and give it an ssh key.
And we're done... do a refresh from Android password store... and you should be happy.
Note: New items will need you to git push, if you add them from the command line, but passFF and Android-password-store do that automatically for you.
This was similar to Android, however the app has solid instructions, so just follow them: PassForiOS Startup Guide. You will need to send keys to the device... !!!DO NOT!!! SEND KEYS VIA EMAIL!!!!
Instead, install a Terminal and SSH client on the iOS device (I used Blink) and scp from the machine where the GPG keys are to the iOS device.
You'll need to unlock the password store using the GPG Key passphrase.
brew install pinentry-mac
Should be all you need to do to get GPG key passcode prompts in the macOS GUI. Mind you, I've had to unlock in the terminal a couple of times though.