Skip to content

Instantly share code, notes, and snippets.

@marsa099

marsa099/password-store-installation.md

Last active April 17, 2023 20:02
Show Gist options
  • Save marsa099/d546792ae34cbeb39811a128a42541b3 to your computer and use it in GitHub Desktop.
Save marsa099/d546792ae34cbeb39811a128a42541b3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
password-store-installation.md

Installation and configuration for password store

Before start:

  • Create a new private GitHub repository for the password store
  • Generate ssh key pair to use with GitHub if you haven't already
    ssh-keygen -t ed25519

Prerequisite for MacOS (skip this for Linux):

  1. Install homebrew (a prerequisite to be able to install the standard unix password manager. Homebrew can be installed via a curl command here: https://brew.sh. Installation takes a couple (5?) minutes
  2. Install pass with brew install pass (https://www.passwordstore.org)

Installation (For Linux and Mac)

  1. (Linux) If you for some reason dont have pass or gpg installed, install them first
  2. Generate GPG-key with command gpg --gen-key. Answer the questions asked by GPG. Email is enough (https://gist.github.com/flbuddymooreiv/a4f24da7e0c3552942ff). If passphrase is chosen here, this has to be entered every time you want to show a password in the store
  3. Run pass init <gpg-key-id>
    Note: Skip this step if you are planning on using pass on multiple devices

Using multiple devices

To use multiple devices, each device must have all other devices public keys in the gpg key ring. This can be done by exporting the public key on each device and store them in the repo:

  1. Exporting public key to file (from device 1):
    gpg --output <keyfilename>.pgp --armor --export <key-id>

  2. Either put this key in the repository or transfer it in some other way to other devices

  3. Importing public key to gpg (from device 2)
    gpg --import .keys/<keyfilename>.gpg

  4. Trust the imported key
    gpg --edit-key ubuntu
    trust
    Choose option 5 (trust ultimately)

  5. Clone the repository for the other devices. Run pass init <gpg-key name 1> <gpg-key name 2> .... (order is important. Need to be the same for all devices.

Repeat these steps for all devices

  1. Now pass is ready to be used :)

Configuration for iPhone

  1. Download the (a) pass app for your iPhone:
    https://mssun.github.io/passforios/

  2. Generate a key-pair for the mobile device with gpg from a computer
    gpg --generate-key

  3. Copy all public keys to a file
    gpg --armor --export <gpg-key-id #1> <gpg-key-id #2> <gpg-key-id #3> > pubkeys.txt

  4. Copy the private key to be used for the mobile device to file
    gpg --output <mobile private key file name>.pgp --armor --export-secret-key <mobile key id>

  5. Copy the combined public key and private key to the mobile device (for instance by using icloud files)

  6. Configure the mobile device by opening the pass ios app, go to settings -> php key -> load from file -> select the keys.

  7. Remove the private key from the computer you generated the key-pair from (but keep the public key)
    gpg --delete-secret-key mobile

  8. Remove the physical files from icloud (and also delete them from the .Trash folder)

  9. Remember to import the public key for the mobile device to other already configured devices

Tags: #pass #passwordstore #password #passwordmanager #gpg

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment