The other day I was listening to podcasts (as I usually do every day).

One I am following i Reply All from Gimlet Media. I tend to look forward to their next episode. They’re quite entertaining.

In this specific eposide (which is part three of this topic), they’re still trying to figure out why one of the host’s Uber account got hacked a while ago.

One of the reasons it that the host is not using a password manager (that’s them saying it, not me). And I agree.

After being through Keepass and other solutions, I ended up at pass (the standard Unix password manager).

Working in an Unix environment, this tool suits me best and integrates quite well over multiple machines in an automated environment. I combines GIT for changes with PGP to encrypt the data. Every file is encryptet with a GPG key and contains whatever you like. Well, the first line should be the password. pass can copy that line automatically into the clipboard if needed, so it’s wise to follow that standard.

All it does is storing a password in a textfile in what every hierachy of directories you like in ~/.password-store. For quicker access it gives you the script pass to search, edit, etc. the passwords.Commits are done automatically with some standard commit message.

Like all GIT repositories you can push and pull changes from a (secure) remote repository. I use the alias passsync to do that for me:

$ pass git pull --rebase origin master && pass git push origin master

I can generate new passwords for you as well:

`` bash $ pass generate test 12 [master 0db7fb4] Added generated password for test to store. 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test.gpg The generated password to test is: 0owc(8wI>Pf

This also creates a password file `test.gpg` in `~/.password-store` and commited it to the repository. Usually I add some more information like the url, a username and more as I require. So in a practical scenario I rather create my passwords like this:

$ alias pwgen='pwgen -csy -N 8 12'
$ pwgen
>5}XI8O'W-60 7z,ot44XGQ^< ^G"!]ZBo~,4P RrW:H-?2?:M2 2HQ@&R!9$e\s F7;We45-[Ew"
u-.Qpx%{29tE 2a|I\U^l<(2m

Then I pick one and open a new password file and insert it into the file:

$ pass edit test

At least that way I can easily manage hundreds of passwords (currently >500).

Please let me know if you have a better workflow than this.