gopass

Initialize the configuration settings

$ gopass init

$ gopass new

$ gopass mounts

$ gopass mounts add [store_name] [git_repo_url]

$ gopass show [keyword]

$ gopass find [keyword]

$ gopass sync

$ gopass [store_name|path/to/directory|email@email.com]

gopass [ COMMAND ] [ OPTIONS ]... [ ARGS ]...

gopass is a very simple password store that keeps passwords inside gpg2(1) encrypted files inside a simple directory tree residing at ~/.password-store. The gopass utility provides a series of commands for manipulating the password store, allowing the user to add, remove, edit, synchronize, generate, and manipulate passwords.

If no COMMAND is specified, COMMAND defaults to either show or ls, depending on the type of specifier in ARGS. Otherwise COMMAND must be one of the valid commands listed below.

Several of the commands below rely on or provide additional functionality if the password store directory is also a git repository. If the password store directory is a git repository, all password store modification commands will cause a corresponding git commit. git(1).

The init command must be run before other commands in order to initialize the password store with the correct gpg key id. Passwords are encrypting using the gpg key set with init.

There is a corresponding bash completion script for use with tab completing password names in bash(1).

init [ --path=path, -p path ] gpg-id...

Initialize new password storage and use gpg-id for encryption. Multiple gpg-ids may be specified, in order to encrypt each password with multiple ids. This command must be run first before a password store can be used. If the specified gpg-id is different from the key used in any existing files, these files will be reencrypted to use the new id. Note that use of gpg-agent(1) is recommended so that the batch decryption does not require as much user intervention.

ls subfolder

List names of passwords inside the tree at subfolder by using the tree(1) program. This command is alternatively named list.

grep search-string

Searches inside each decrypted password file for search-string, and displays line containing matched string along with filename.

find pass-names...

List names of passwords inside the tree that match pass-names by using the tree(1) program. This command is alternatively named search.

show [ --clip, -c ] [ --username, -u ] pass-name

Decrypt and print a password named pass-name. If --username or -u is specified, do not print the password but insteat attempt to find the username. If --clip or -c is specified, do not print the password but instead copy the first line to the clipboard using xclip(1).

insert [ --multiline, -m ] [ --force, -f ] pass-name

Insert a new password into the password store called pass-name. This will read the new password from standard in. If --multiline or -m is specified, an editor will be opened for you to type the password. Otherwise, only a single line from standard in is read. Prompt before overwriting an existing password, unless --force or -f is specified. This command is alternatively named add.

edit pass-name

Insert a new password or edit an existing password using the default text editor specified by the environment variable EDITOR or using editor as a fallback. This mode makes use of temporary files for editing.

generate [ --no-symbols, -n ] [ --force, -f ] pass-name pass-length

Generate a new password of length pass-length and insert into pass-name. If --no-symbols or -n is specified, do not use any non-alphanumeric characters in the generated password. Prompt before overwriting an existing password, unless --force or -f is specified.

rm [ --recursive, -r ] [ --force, -f ] pass-name

Remove the password named pass-name from the password store. This command is alternatively named remove or delete. If --recursive or -r is specified, delete pass-name recursively if it is a directory. If --force or -f is specified, do not interactively prompt before removal.

mv [ --force, -f ] old-path new-path

Renames the password or directory named old-path to new-path. This command is alternatively named rename. If --force is specified, silently overwrite new-path if it exists. If new-path ends in a trailing /, it is always treated as a directory.

cp [ --force, -f ] old-path new-path

Copies the password or directory named old-path to new-path. This command is alternatively named copy. If --force is specified, silently overwrite new-path if it exists. If new-path ends in a trailing /, it is always treated as a directory.

git git-command-args...

If the password store is a git repository, pass git-command-args as arguments to git(1) using the password store as the git repository. If git-command-args is init, in addition to initializing the git repository, add the current contents of the password store to the repository in an initial commit.

help

Show usage message.

version

Show version information.

~/.password-store

The default password storage directory.

~/.password-store/.gpg-id

Contains the default gpg key identification used for encryption and decryption. Multiple gpg keys may be specified in this file, one per line.

PASSWORD_STORE_DIR

Overrides the default password storage directory.

EDITOR

Text editor to use.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

gpg2(1), git(1),

gopass was written by Alexandre Viau. For updates and more information, a project page is available on the World Wide Web.

pass was written by Jason A. Donenfeld. For updates and more information, a project page is available on the World Wide Web.