pass simple
Multi-platform GUI for pass, the standard unix password manager
The advantages of pass simple
include the use of GPGME (native C++, seamless integration with Security cards) or rnp (realtime,multithreading and windows support), as well as support for YAML and Markdown.
Homepage: https://sourceforge.net/projects/pass-simple/
Github and support: https://github.com/shemeshg/pass-simple-qt
Screenshots: https://github.com/shemeshg/pass-simple-qt/wiki
Rnp & Security card integration
-
create a script that accept
keyId
as parameter.#!/bin/sh /usr/local/bin/gpg -d /outside/your/password-store/$1.gpg
-
chmod +x
script name -
Encrypt the
/outside/your/password-store/$1.gpg
where$1
as yourkeyId
.
with a content of your password. -
Set
Rnp pass std exec path
in settings, to your script.
Markdown
-
Markdown is CommonMark plus the GitHub extensions for tables and task lists (see https://doc.qt.io/qt-6/qml-qtquick-text.html).
-
Inline Images are not supported
-
Links with relative path to other
.pgp
in the samepassword store
are supported,link should not include the
.pgp
extension, for example# Header [ref to a/b file.pgp](<a/b file>) or <a/b file>
Yaml
-
Since
pass simple
storetotp
inyaml
, to read generated totp usegopass show fileName|yq '.["totp"]' | oathtool -b --totp -
-
text starts with
-
or#
can not beYAML
, and is considered standard text. -
For YAML compatability with password in first line tools, it is possible to put a dummy null field.
_: ~ user: user1 password: 12345
Fields type
- textedit - supports
autotype
of selected textMarkDown
read only view
- texteditMasked
- text
- url
- password
- totp
- datetime
Changing password
Autotype
types the last saved value.
After duplicate current filed with an "OLD_" prefix ("OLD_password") in edit field type
, remember to save.
R.click tree view
(Not git aware)
-
Add folder.
-
Delete selected.
-
Rename selected.
-
Move selected using drag and drop.
move
available only within the same.gpg
authorization folder.
Case insensitive search
- Default search is case-sensitive (using
std::find
). To make it case-insensitive, add an additional.*
to the regex.
For example: .*WhatEver.*.*
(beware of the std::regex
bug in Linux gcc 14
).
install platform specific
For all platforms - recommended
-
Rnp do not self sign your Id, so import public ID in
pass-simple
usinggnupg
mode.On windows
gnupg
mode not applicable, so:$ gpg --edit-key jane@acme.org gpg> lsign gpg> y gpg> save
-
On windows use
gopass
instead ofpass
.
Mandatory
-
Create a note with pass command line, ensure all well
pass pass edit whatever
-
If pass store not initialized use
gopass setup
or follow this: https://www.redhat.com/sysadmin/management-password-storeThis document will walk through creating Private and public keys, and init the repository (setup the
.gpgid
authorization file).
-
-
Ensure you can read and write the test note created before.
-
setup git
Avoid this set by using
gopass clone
-
if not using
gopass
.Prefer manually to ensure
gpg
absolute path, also mandatory aftergit clone
.# New repository git init echo '*.gpg diff=gpg' > ".gitattributes" # New and Cloned repository git config --local diff.gpg.binary true git config --local diff.gpg.textconv "`which gpg` -d --quiet --yes --compress-algo=none --no-encrypt-to"
Or using pass, and correct the
diff.gpg.textconv
with above.export PASSWORD_STORE_DIR=/Volumes/volume\ name/password-store pass git init
-
Ensure you can
git commit -am "commit"
. -
create additional change and ensure you can
git diff HEAD~
and see last change in clear text. -
Set
restoreWindows
invscode
tofolder
ornone
It is always good practice to close all
vscode
opened tabs before closingpass simple
otherwisevscode
might recreate temporary files edited.
Optional/Advanced
-
Protect your '.gpg_id' or specific folders with Git-Enforced Policy (
git server and client hooks
)https://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy
-
Use disk encryption -
tomb
/veracrypt
or mac'sdiskutil
to protect the repository itself.password for the disk encryption can be stored in the default repository (
~/.password-store/
), and then link mounted encrypted repository withln -s
(likemounts
ingopass
) -
Consider using
yubikey
or move secret keys to USB driveUse rotate subkey for different devices, or ASDK for team members.
-
Backup your store to other drive or remote ssh server
Ensure you can
git pull
andgit push
-
protect application configuration file as readonly with
chmod
, or AppArmor
Windows specific
Windows runs natively with Rnpgp
and gnupg
backend.
Backup your gnupg
keys before converting from sqlite
to kbx
.
install software
-
install
gpg4win
winget install gpg4win
-
install chocolatey (via copy past into PowerShell)
-
install
gopass
choco install gopass
https://github.com/gopasspw/gopass/blob/master/docs/setup.md
-
initialize
gopass
withgopass setup
-
list keys, and inspect store location and key format.
gpg --list-keys
-
convert
gpg4win
sqlite
tokbx
usinggpg-disable-keyboxd
. -
use
gopass
to create and edit a test document. -
Run NSIS installer executable
or manually Extract the deployed windows zip folder, and run
pass-simple.exe
from windows explorer. (application is not signed, so confirm security screen). -
Windows Os does not recognize
dot
initial ashidden
, so at the root of the repository.
Get-ChildItem -Path . -Force -Filter ".*" | ForEach-Object { $_.Attributes = 'Hidden' }
Mac specific
-
Install pass
brew install pass pinentry-mac echo "pinentry-program `which pinentry-mac`" >> ~/.gnupg/gpg-agent.conf gpgconf --kill gpg-agent defaults write org.gpgtools.common UseKeychain -bool NO
-
Install pass-simple
brew install --cask shemeshg/homebrew-tap/pass-simple
-
"XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash"
See https://discussions.apple.com/thread/253714860?sortBy=rank
xattr -c /Applications/pass-simple.app/ codesign --force --deep --sign - /Applications/pass-simple.app
-
Mac has no
/dev/shm
you can create temporary ram drive after every boot with.diskutil erasevolume HFS+ RAM_Disk_4G `hdiutil attach -nomount ram://8192000`
-
alias for cli
alias pass-simple='nohup /Applications/pass-simple.app/Contents/MacOS/pass-simple > /dev/null 2>&1 &'
dev packages
brew install gpgme libgpg-error pinentry-mac
brew tap rnpgp/rnp
brew install rnp
Ubuntu specific
The .deb
file and the .zip
files are already qt-deployed
.
If you are using other distro like Fedora
, you can extract the contents of the .deb
file or download the linux zip
, extract it to /opt
and run.
-
Download the deb file and install
sudo dpkg -r pass-simple sudo dpkg -i ./pass-simple-1.x.x-Linux.deb
on ubuntu 24.04
sudo apt --fix-broken install
and repeat. -
Install dependencies if compile yourself (or not using the deb file)
sudo apt-get -y install pass gnupg2 libgpgme-dev libgpgmepp-dev libbz2-dev libjson-c-dev
-
Install
ydotool
autotype.For Manual compilation https://askubuntu.com/questions/1413829/how-can-i-install-the-latest-ydotool-1-0-1-keyboard-automation-tool-working-on
-
sudo cp /usr/lib/systemd/user/ydotoold.service /etc/systemd/system
-
sudo service ydotool start
-
sudo systemctl enable ydotool
-
ensure
export YDOTOOL_SOCKET=/tmp/.ydotool_socket
in/opt/pass-simple/bin/pass-simple.sh
. -
Open
pass-simple
and selectsetting
.set autotype to
ydotool type sequence
If compile yourself
-
If compile
rnpgp
yourself follow https://www.rnpgp.org/software/rnp/docs/installation/ and install thebotan
version as requested in the document. -
install qt https://web.stanford.edu/dept/cs_edu/resources/qt/install-linux
Notice: Qt6 packages in the deb repository are broken, so download the install from Qt.com
-
pull submodules
https://stackoverflow.com/questions/1030169/pull-latest-changes-for-all-git-submodules
-
qt-cmake
and build.~/Qt/6.5.0/gcc_64/bin/qt-cmake -DCMAKE_BUILD_TYPE=Release ../pass-simple-qt/ cmake --build .
keyboard shortcuts
Cmd S Save in preview mode.
Cmd F Toggle Find/search.
Cmd T Toggle tree view.
Cmd , Toggle Settings.
Cmd M Toggle Markdown.
Cmd Y Sync - Add,commit,pull and push.
Cmd L Toggle text and YAML in preview mode.
Cmd Shift L Logout - End gpg session, clear clipboard and search fields.
Cmd U Open Url field found (YAML mode only).
Cmd E Toggle Preview On/Off.
Cmd O Open externally with vscode
(available when Preview is ON or OFF).
Built With
- Qt Quick and QT6 Open Source
- Gpgmepp
- GnuPG Made Easy (GPGME)
- LibGpgError
- pinentry-mac (Mac only) On ubuntu 20.04 - already installed and configured for wayland
- https://github.com/jbeder/yaml-cpp/
- Icons by https://icons8.com/icons/
- Icons by https://developers.google.com/fonts/docs/material_icons
- keepassxc totp
- keepassxc allow screen capture
- cog
- thread-pool
- rnp
LICENSE
https://github.com/shemeshg/pass-simple-qt/blob/main/LICENSE