Tutorial¶
Lets create a new password store and enable the extension support
/tmp/passwords
❯ export PASSWORD_STORE_DIR=/tmp/passwords
Generate a new password, e.g. for github.com
/tmp/passwords
❯ pass generate Websites/github.com
[master a0befb2] Add generated password for Websites/github.com.
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 Websites/github.com.gpg
The generated password for Websites/github.com is:
9lllpU3K4NUx#r&vn{(<dtCqr
Double check if the password is added to the git repo
/tmp/passwords
❯ glol
* a0befb2 - (HEAD -> master) Add generated password for Websites/github.com. (5 seconds ago) <Marko Bauhardt>
* 73a0e91 - Configure git repository for gpg file diff. (20 seconds ago) <Marko Bauhardt>
* 0e00d33 - Add current contents of password store. (21 seconds ago) <Marko Bauhardt>
Use pass-keybase report to figure out if there is a new gpg entry
/tmp/passwords
❯ pass keybase report
Number of GPG encryped files: 1
Number of Keybase encryped files: 0
GPG encrypted passwords which are not encrypted with Keybase:
*************************************************************
Websites/github.com
You can encrypt the whole password store
/tmp/passwords
❯ pass keybase encrypt-all
[master 20b145b] Reencrypt password store using keybase-id mbauhardt
3 files changed, 218 insertions(+)
create mode 100644 Websites/github.com.keybase
/tmp/passwords
❯ glol
* 20b145b - (HEAD -> master) Reencrypt password store using keybase-id mbauhardt (19 seconds ago) <Marko Bauhardt>
* a0befb2 - Add generated password for Websites/github.com. (3 minutes ago) <Marko Bauhardt>
* 73a0e91 - Configure git repository for gpg file diff. (3 minutes ago) <Marko Bauhardt>
* 0e00d33 - Add current contents of password store. (3 minutes ago) <Marko Bauhardt>
Lets decrpt with keybase to make sure everyting went well.
/tmp/passwords
❯ pass keybase decrypt Websites/github.com
Authored by mbauhardt (you).
9lllpU3K4NUx#r&vn{(<dtCqr
For sure, you can also encrypt a single gpg entry
/tmp/passwords
❯ pass generate Websites/mailbox.org
/tmp/passwords
❯ pass keybase encrypt Websites/mailbox.org
/tmp/passwords
❯ pass
Password Store
└── Websites
├── github.com
├── github.com.keybase
├── mailbox.org
└── mailbox.org.keybase
In case you update a password with GPG, but forget to update your Keybase version, use the built in diff command to figure out which passwords are not in sync.
/tmp/passwords
❯ pass
Password Store
└── Websites
├── github.com
├── github.com.keybase
├── mailbox.org
└── mailbox.org.keybase
/tmp/passwords
❯ pass edit Websites/github.com
/tmp/passwords 7s
❯ pass keybase diff
Websites/github.com
/tmp/passwords 7s
❯ pass keybase encrypt Websites/github.com
/tmp/passwords
❯ pass keybase diff
/tmp/passwords 6s