Official Website: GoPassPW
Github.com: GoPassWD/GoPASS
Install for Debian (Ubuntu, Debian, Raspbian...): copy the given commands and paste them into a terminal.
curl https://packages.gopass.pw/repos/gopass/gopass-archive-keyring.gpg | sudo tee /usr/share/keyrings/gopass-archive-keyring.gpg >/dev/null
cat << EOF | sudo tee /etc/apt/sources.list.d/gopass.sources
Types: deb
URIs: https://packages.gopass.pw/repos/gopass
Suites: stable
Architectures: all amd64 arm64 armhf
Components: main
Signed-By: /usr/share/keyrings/gopass-archive-keyring.gpg
EOF
sudo apt update
sudo apt install gopass gopass-archive-keyring
These commands download the keyring, install it in the APT keyring directory, and install the package itself.
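
The install commands above write the downloaded key straight into the APT keyring. As an added example (not from the original page or the gopass project), this script compares the key's fingerprint first and installs only on a match; EXPECTED_FPR, the function names and the sample colon listing are assumptions constructed here, and the real fingerprint has to come from the project's own documentation.

```shell
#!/bin/sh
# Added example: compare the repository key's fingerprint before APT trusts it.
EXPECTED_FPR='REPLACE_WITH_PUBLISHED_FINGERPRINT'   # placeholder, not a real value

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# The "fpr" record after each "pub" record carries the fingerprint in field 10.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Normalise a fingerprint: strip spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# Succeed only if stdin lists exactly one primary key and it is the expected one.
keyring_matches() {
    expected=$(norm_fpr "$1")
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Download to a temp file, check, and only then install (needs curl, gpg, sudo).
install_keyring_checked() {
    url=$1; want_fpr=$2; dest=$3
    tmp=$(mktemp) || return 1
    curl -fsSL "$url" -o "$tmp" &&
        gpg --show-keys --with-colons "$tmp" | keyring_matches "$want_fpr" &&
        sudo install -m 0644 "$tmp" "$dest"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed colon listing (not the real gopass key): one primary key, one subkey.
SAMPLE='pub:-:4096:1:89ABCDEF01234567:1600000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::::Example Archive Key::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1600000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# With the placeholder still in place the check fails closed.
if printf '%s\n' "$SAMPLE" | keyring_matches "$EXPECTED_FPR"; then
    echo "fingerprint matches: safe to install"
else
    echo "fingerprint mismatch: do not install this keyring"
fi
```
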
To run gopass:
gopass
apt install -y gopass gnupg git
gopass --version # check that gopass is successfully installed, and its version
gopass -h
OR
gopass --help
Gopass is all about GnuPG keys: they are the security core. Git is the sync system. Every secret/password is treated as an encrypted file.
gpg -h
# gpg --help
First check whether you already have GPG keys set up.
gpg --list-secret-keys
Key location: /home/USER/.gnupg
Example: /home/aniket/.gnupg
If you see a key and know the passphrase you chose while setting it up, you are good to go without creating a new GPG key.
OR
If a key has not been created, follow this:
gpg --full-generate-key
Then choose accordingly:
1) RSA & RSA
keysize: 4096
Expiry: key does not expire
Name: Aniket Chavan
Email: testemail@gmail.com
Comment: GoPass Password Manager
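Enter a passphrase and remember it; it is used only for the key and the gopass password manager.
Here it was SET as a password of 6 characters even though the limit was 8. A real store deserves a longer one, since this passphrase is all that protects the private key if the key file or an export of it is copied.
Verify:
gpg --list-secret-keys --keyid-format LONG
You will see the key you created below, something like: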
sec rsa4096/ Date
ABC...
uid [ultimate] Comment
ssb rsa4096 Date [E]
That's the KEY ID.
You can export keys so you can share them between machines offline, locally.
gpg --export-secret-key > private.key
Remember that private.key is in encrypted format;
you need the passphrase for it as well.
This command will start gopass and create dirs and files:
gopass init
The first time you run this command,
you will be asked to select your GPG key if you have multiple keys on the system.
Dirs and files will be created in ~/.local/share/gopass/stores/root
Passwords/secrets are stored as encrypted ciphertext, in an unreadable format.
Now run the command gopass; it puts you in the gopass interactive shell,
where there is no need to type gopass again.
Use the quit command to exit the gopass interactive shell.
It creates the password store and initializes a git repo in
/home/aniket/.local/share/gopass/stores/root
If anything pops up, like an error or a warning, you might need help.
This command will add a new password entry to the email dir, under the secret name gmail.
gopass insert test_dir/test_passwd
# gopass insert email/gmail
You enter your own password in this field. It will store your password securely.
OR
Auto-generate one
gopass generate test_dir/test_secret 16
# gopass generate email/gmail2 20
Here it generates a password for you; you specify the length of the password.
Here we specify 16.
Give it some time.
For password generation, check the help:
gopass pwgen -h
This will generate passwords of length 16:
gopass pwgen 16
gopass create
OR
gopass new
create: will prompt for website URL and PIN code generation;
the same repeats for new.
For Website Login `[0]`:
Website URL: test_site
Username: test_user
Generate password: Y/n/q
Human-pronounceable passphrase: y/N/q
creds: websites/test_site/test_user
The creds will be copied to the clipboard automatically for 45 seconds ONLY.
For PIN generation:
Pin Code (numerical) [1]
Authority: test_user
Entity: test_user
Generate Password: Y/n/q
How long? 16
Comment: -
Creds saved as pin/test_user/test_user
The PIN will be copied to the clipboard for 45 seconds.
After 45 seconds it will clear itself.
gopass show test_dir/test_passwd # test001
gopass show test_dir/test_secret # ar9....
It asks for the passphrase,
same as machine.
gopass cat test_dir/test_secret
The following copies the secret to the clipboard, and it is also cleared after 45 seconds:
gopass show -c test_dir/test_secret
List the names of all stored passwords only, without showing the passwords:
gopass list
OR
gopass ls
Tree view of dirs/files;
files are secrets/passwords.
You can also look for passwords in the store:
gopass find test_secret # test_dir/test_secret
# gopass find secret/passwd-name
OR
gopass search test_secret # test_dir/test_secret
You can also use grep:
gopass grep test
To show the password:
gopass show -o test_dir/test_secret # ar9...
gopass show -o test_dir/test_passwd # test001
It's possible to copy and move passwords from one location to another:
gopass copy test_dir/test_secret test_dir/test_secret1
gopass cp test_dir/test_secret test_dir/test_secret1
Move passwords from one location to another:
gopass move test_dir/test_secret test_secret1
The file will be moved to the root location of the password store.
gopass delete test_secret1
gopass remove test_secret1
gopass rm test_secret1
Change directory to ~/.local/share/gopass/stores/root
The following git commands create the essential git files and dirs if they have not been created yet, and check the git status.
git init # not needed, already initialized by gopass
git status
Add a remote git repo; it could be GitHub, GitLab or self-hosted.
git remote add origin git@git***.com:USER/password-store.git
Always choose private git repos.
Enable git in gopass:
gopass git init
To sync:
gopass sync
It will push the secrets to the remote git repo.
gopass git log
Shows the commit messages from the git log.
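
Even a private remote receives every entry name as a clear-text file path (for example websites/test_site/test_user), and any non-encrypted file dropped into the store directory is pushed as-is. As an added example (not from the original page or the gopass project), this script lists both for a store directory; the function names, the demo store and the list of metadata files treated as expected (.gpg-id, .gitattributes, .public-keys) are assumptions.

```shell
#!/bin/sh
# Added example: what a git remote sees in a gopass store, and whether anything
# in it is not an encrypted .gpg file. The metadata names are assumptions.

# Print store files that are neither *.gpg secrets nor known store metadata.
plaintext_files() {
    store=$1
    ( cd "$store" && find . -type f \
        ! -path './.git/*' ! -path './.public-keys/*' \
        ! -name '*.gpg' ! -name '.gpg-id' ! -name '.gitattributes' \
        | sed 's|^\./||' | sort )
}

# Print the entry names, which sit in the repo as clear-text file paths.
visible_names() {
    store=$1
    ( cd "$store" && find . -type f -name '*.gpg' ! -path './.git/*' \
        | sed -e 's|^\./||' -e 's|\.gpg$||' | sort )
}

# Return 0 only when nothing unencrypted would be pushed.
safe_to_sync() {
    [ -z "$(plaintext_files "$1")" ]
}

# Constructed demo store (not a real one): two secrets plus a stray note.
demo_store() {
    d=$(mktemp -d)
    mkdir -p "$d/websites/test_site" "$d/test_dir" "$d/.git"
    : > "$d/.gpg-id"
    : > "$d/websites/test_site/test_user.gpg"
    : > "$d/test_dir/test_secret.gpg"
    echo "recovery codes" > "$d/test_dir/notes.txt"
    echo "$d"
}

store=${1:-$(demo_store)}
echo "Names visible to the remote:"; visible_names "$store"
if safe_to_sync "$store"; then
    echo "OK: only encrypted files"
else
    echo "NOT encrypted:"; plaintext_files "$store"
fi
```

Pass the store path as the first argument to check a real store; without an argument the script runs against the constructed demo store.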
History of passwords:
gopass hist test_dir/test_secret
gopass history test_dir/test_secret
Check for weak and duplicate passwords:
gopass audit
You can encrypt a secret/password for multiple GPG keys,
meaning TEAMS can share the same secrets/passwords and can view them.
To CHECK members:
gopass recipients
To ADD members:
gopass recipients add team/devops ABC...
- Each member of the TEAM can decrypt the same secret with their own key.
- git sync stays the same
- No plain text exposure.