pass simple
Multi-platform GUI for pass, the standard unix password manager
The advantages of pass simple
include the use of GPGME (native C++, seamless integration with Security cards) or rnp (realtime,multithreading and windows support), as well as support for YAML and Markdown.
Homepage: https://sourceforge.net/projects/pass-simple/
Github and support: https://github.com/shemeshg/pass-simple-qt
Screenshots: https://github.com/shemeshg/pass-simple-qt/wiki
Rnp & Security card integration
-
create a script that accept
keyId
as parameter.#!/bin/sh /usr/local/bin/gpg -d /outside/your/password-store/$1.gpg
-
chmod +x
script name -
Encrypt the
/outside/your/password-store/$1.gpg
where$1
as yourkeyId
.
with a content of your password. -
Set
Rnp pass std exec path
in settings, to your script.
Markdown
-
Markdown is CommonMark plus the GitHub extensions for tables and task lists (see https://doc.qt.io/qt-6/qml-qtquick-text.html).
-
Inline Images are not supported
-
Links with relative path to other
.pgp
in the samepassword store
are supported,link should not include the
.pgp
extension, for example# Header [ref to a/b file.pgp](<a/b file>) or <a/b file>
Yaml
-
Since
pass simple
storetotp
inyaml
, to read generated totp usegopass show fileName|yq '.["totp"]' | oathtool -b --totp -
-
text starts with
-
or#
can not beYAML
, and is considered standard text. -
For YAML compatability with password in first line tools, it is possible to put a dummy null field.
_: ~ user: user1 password: 12345
Fields type
- textedit - supports
autotype
of selected textMarkDown
read only view
- texteditMasked
- text
- url
- password
- totp
- datetime
Changing password
Autotype
types the last saved value.
After duplicate current filed with an "OLD_" prefix ("OLD_password") in edit field type
, remember to save.
R.click tree view
(Not git aware)
-
Add folder.
-
Delete selected.
-
Rename selected.
-
Move selected using drag and drop.
move
available only within the same.gpg
authorization folder.
Case insensitive search
- Default search is case-sensitive (using
std::find
). To make it case-insensitive, add an additional.*
to the regex.
For example: .*WhatEver.*.*
(beware of the std::regex
bug in Linux gcc 14
).
install platform specific
For all platforms - recommended
-
Rnp do not self sign your Id, so import public ID in
pass-simple
usinggnupg
mode.On windows
gnupg
mode not applicable, so:$ gpg --edit-key jane@acme.org gpg> lsign gpg> y gpg> save
-
On windows use
gopass
instead ofpass
. -
Review
Auth
tab in the app and manually fix anybad entries
.rnp
only search key IDs in the.gpgid
file that are 16 (or less) characters long.These 16 characters are the ones on the right side, as shown by
gnupg
.The
gopass
format, which uses a key ID starting with0x
, is also supported.
Mandatory
-
Create a note with pass command line, ensure all well
pass pass edit whatever
-
If pass store not initialized use
gopass setup
or follow this: https://www.redhat.com/sysadmin/management-password-storeThis document will walk through creating Private and public keys, and init the repository (setup the
.gpgid
authorization file).
-
-
Ensure you can read and write the test note created before.
-
setup git
Avoid this set by using
gopass clone
-
if not using
gopass
.Prefer manually to ensure
gpg
absolute path, also mandatory aftergit clone
.# New repository git init echo '*.gpg diff=gpg' > ".gitattributes" # New and Cloned repository git config --local diff.gpg.binary true git config --local diff.gpg.textconv "`which gpg` -d --quiet --yes --compress-algo=none --no-encrypt-to"
Or using pass, and correct the
diff.gpg.textconv
with above.export PASSWORD_STORE_DIR=/Volumes/volume\ name/password-store pass git init
-
Ensure you can
git commit -am "commit"
. -
create additional change and ensure you can
git diff HEAD~
and see last change in clear text. -
Set
restoreWindows
invscode
tofolder
ornone
It is always good practice to close all
vscode
opened tabs before closingpass simple
otherwisevscode
might recreate temporary files edited.
Optional/Advanced
-
Protect your '.gpg_id' or specific folders with Git-Enforced Policy (
git server and client hooks
)https://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy
-
Use disk encryption -
tomb
/veracrypt
or mac'sdiskutil
to protect the repository itself.password for the disk encryption can be stored in the default repository (
~/.password-store/
), and then link mounted encrypted repository withln -s
(likemounts
ingopass
) -
Consider using
yubikey
or move secret keys to USB driveUse rotate subkey for different devices, or ASDK for team members.
-
Backup your store to other drive or remote ssh server
Ensure you can
git pull
andgit push
-
protect application configuration file as readonly with
chmod
, or AppArmor
Windows specific
Windows runs natively with Rnpgp
and gnupg
backend.
Backup your gnupg
keys before converting from sqlite
to kbx
.
install software
-
install
gopass
winget install Git.Git winget install GnuPG.Gpg4win winget install gopass.gopass
https://github.com/gopasspw/gopass/blob/master/docs/setup.md
-
initialize
gopass
withgopass setup
-
list keys, and inspect store location and key format.
gpg --list-keys
-
convert
gpg4win
sqlite
tokbx
usinggpg-disable-keyboxd
. -
use
gopass
to create and edit a test document. -
Run NSIS installer executable
winget install Shemeshg.PassSimple
or manually Extract the deployed windows zip folder, and run
pass-simple.exe
from windows explorer. (application is not signed, so confirm security screen). -
Windows Os does not recognize
dot
initial ashidden
, so at the root of the repository.
Get-ChildItem -Path . -Force -Filter ".*" | ForEach-Object { $_.Attributes = 'Hidden' }
Mac specific
-
Install pass
brew install pass pinentry-mac echo "pinentry-program `which pinentry-mac`" >> ~/.gnupg/gpg-agent.conf gpgconf --kill gpg-agent defaults write org.gpgtools.common UseKeychain -bool NO
-
Install pass-simple
brew install --cask shemeshg/homebrew-tap/pass-simple
-
"XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash"
See https://discussions.apple.com/thread/253714860?sortBy=rank
xattr -c /Applications/pass-simple.app/ codesign --force --deep --sign - /Applications/pass-simple.app
-
Mac has no
/dev/shm
you can create temporary ram drive after every boot with.diskutil erasevolume HFS+ RAM_Disk_4G `hdiutil attach -nomount ram://8192000`
-
alias for cli
alias pass-simple='nohup /Applications/pass-simple.app/Contents/MacOS/pass-simple > /dev/null 2>&1 &'
dev packages
brew install gpgme libgpg-error pinentry-mac
brew tap rnpgp/rnp
brew install rnp
Ubuntu specific
The .deb
file and the .zip
files are already qt-deployed
.
If you are using other distro like Fedora
, you can extract the contents of the .deb
file or download the linux zip
, extract it to /opt
and run.
-
Download the deb file and install
sudo dpkg -r pass-simple sudo dpkg -i ./pass-simple-1.x.x-Linux.deb
on ubuntu 24.04
sudo apt --fix-broken install
and repeat. -
Install dependencies if compile yourself (or not using the deb file)
sudo apt-get -y install pass gnupg2 libgpgme-dev libgpgmepp-dev libbz2-dev libjson-c-dev
-
Install
ydotool
autotype.For Manual compilation https://askubuntu.com/questions/1413829/how-can-i-install-the-latest-ydotool-1-0-1-keyboard-automation-tool-working-on
-
sudo cp /usr/lib/systemd/user/ydotoold.service /etc/systemd/system
-
sudo service ydotool start
-
sudo systemctl enable ydotool
-
ensure
export YDOTOOL_SOCKET=/tmp/.ydotool_socket
in/opt/pass-simple/bin/pass-simple.sh
. -
Open
pass-simple
and selectsetting
.set autotype to
ydotool type sequence
If compile yourself
-
If compile
rnpgp
yourself follow https://www.rnpgp.org/software/rnp/docs/installation/ and install thebotan
version as requested in the document. -
install qt https://web.stanford.edu/dept/cs_edu/resources/qt/install-linux
Notice: Qt6 packages in the deb repository are broken, so download the install from Qt.com
-
pull submodules
https://stackoverflow.com/questions/1030169/pull-latest-changes-for-all-git-submodules
-
qt-cmake
and build.~/Qt/6.5.0/gcc_64/bin/qt-cmake -DCMAKE_BUILD_TYPE=Release ../pass-simple-qt/ cmake --build .
keyboard shortcuts
Cmd S Save in preview mode.
Cmd F Toggle Find/search.
Cmd T Toggle tree view.
Cmd , Toggle Settings.
Cmd M Toggle Markdown.
Cmd Y Sync - Add,commit,pull and push.
Cmd L Toggle text and YAML in preview mode.
Cmd Shift L Logout - End gpg session, clear clipboard and search fields.
Cmd U Open Url field found (YAML mode only).
Cmd E Toggle Preview On/Off.
Cmd O Open externally with vscode
(available when Preview is ON or OFF).
Software Bill of Materials (SBOM)
Core Frameworks & Libraries
- Qt Quick and QT6 Open Source
- GnuPG Made Easy (GPGME)
- Gpgmepp
- LibGpgError
- yaml-cpp
- rnp
Platform-Specific Tools
- pinentry-mac (Mac only)
- On Ubuntu 20.04: already installed and configured for Wayland
UI & Icons
- Icons by Icons8
- Icons by Google Material Icons
Features from KeePassXC
Utilities & Helpers
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
DocumentName: BuiltWith-SPDX
DocumentNamespace: http://example.com/spdxdocs/builtwith-001
Creator: Tool: Microsoft Copilot
Created: 2025-08-20T11:41:00Z
##### Packages #####
PackageName: Qt
PackageDownloadLocation: https://www.qt.io/
PackageLicenseDeclared: GPL-3.0-or-later
PackageName: Gpgmepp
PackageDownloadLocation: NOASSERTION
PackageLicenseDeclared: LGPL-2.1-or-later
PackageName: GPGME
PackageDownloadLocation: https://gnupg.org/software/gpgme/index.html
PackageLicenseDeclared: LGPL-2.1-or-later
PackageName: LibGpgError
PackageDownloadLocation: NOASSERTION
PackageLicenseDeclared: LGPL-2.1-or-later
PackageName: pinentry-mac
PackageDownloadLocation: NOASSERTION
PackageLicenseDeclared: GPL-2.0-or-later
PackageName: yaml-cpp
PackageDownloadLocation: https://github.com/jbeder/yaml-cpp/
PackageLicenseDeclared: MIT
PackageName: Icons8
PackageDownloadLocation: https://icons8.com/icons/
PackageLicenseDeclared: NOASSERTION
PackageName: Google Material Icons
PackageDownloadLocation: https://developers.google.com/fonts/docs/material_icons
PackageLicenseDeclared: Apache-2.0
PackageName: KeePassXC TOTP
PackageDownloadLocation: https://github.com/keepassxreboot/keepassxc/tree/develop/src/totp
PackageLicenseDeclared: GPL-2.0-or-later
PackageName: KeePassXC Screen Capture
PackageDownloadLocation: https://github.com/keepassxreboot/keepassxc/tree/develop/src/gui/osutils
PackageLicenseDeclared: GPL-2.0-or-later
PackageName: Cog
PackageDownloadLocation: https://nedbatchelder.com/code/cog
PackageLicenseDeclared: MIT
PackageName: Thread Pool
PackageDownloadLocation: https://github.com/bshoshany/thread-pool
PackageLicenseDeclared: MIT
PackageName: RNP
PackageDownloadLocation: https://github.com/rnpgp/rnp
PackageLicenseDeclared: BSD-2-Clause
LICENSE
https://github.com/shemeshg/pass-simple-qt/blob/main/LICENSE