pass simple

Multi-platform GUI for pass, the standard unix password manager

The advantages of pass simple include the use of GPGME (native C++, seamless integration with security cards) or rnp (real-time, multithreading and Windows support), as well as support for YAML and Markdown.

Homepage: https://sourceforge.net/projects/pass-simple/

Github and support: https://github.com/shemeshg/pass-simple-qt

Screenshots: https://github.com/shemeshg/pass-simple-qt/wiki

Rnp & Security card integration

  • Create a script that accepts keyId as a parameter.

    #!/bin/sh
    # $1 is the keyId; quoted so it stays a single argument
    /usr/local/bin/gpg -d "/outside/your/password-store/$1.gpg"
    
  • chmod +x script name

  • Encrypt a file at /outside/your/password-store/$1.gpg, where $1 is your keyId,
    with your password as its content.

  • In settings, set Rnp pass std exec path to your script.
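A stricter variant of the helper script above, as an added example that is not part of the pass-simple project: it rejects any keyId that is not plain hexadecimal before building the file path, so the argument cannot contain ../ or start with a dash. It assumes the keyId arrives as bare hex digits; STORE_DIR, GPG_BIN and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. STORE_DIR is the assumed folder outside the password store
# that holds one encrypted passphrase file per keyId.
STORE_DIR="${STORE_DIR:-/outside/your/password-store}"
GPG_BIN="${GPG_BIN:-/usr/local/bin/gpg}"

# Print the passphrase-file path for a keyId, or return 1 when the keyId is
# empty or contains anything other than hex digits (blocks "../" and "-opt").
key_file_for() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    printf '%s/%s.gpg\n' "$STORE_DIR" "$1"
}

# Decrypt the passphrase for keyId $1 to stdout.
# Returns 2 for a malformed keyId and 3 when no file exists for it.
passphrase_for() {
    file=$(key_file_for "$1") || { echo "invalid keyId" >&2; return 2; }
    [ -f "$file" ] || { echo "no passphrase file for $1" >&2; return 3; }
    "$GPG_BIN" --quiet --decrypt -- "$file"
}

# Act only when called with a keyId argument, as the Rnp setting would do.
if [ "$#" -gt 0 ]; then passphrase_for "$1"; fi
```
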

Markdown

  • Markdown is CommonMark plus the GitHub extensions for tables and task lists (see https://doc.qt.io/qt-6/qml-qtquick-text.html).

  • Inline images are not supported.

  • Links with a relative path to other .pgp files in the same password store are supported.

    The link should not include the .pgp extension, for example:

    # Header
    
    [ref to a/b file.pgp](<a/b file>)
    
    or <a/b file>
    

Yaml

  • Because pass simple stores the TOTP in YAML, read the generated TOTP with:

    gopass show fileName|yq '.["totp"]' | oathtool -b --totp -
    
  • Text that starts with - or # cannot be YAML and is treated as standard text.

  • For YAML compatibility with tools that expect the password on the first line, it is possible to add a dummy null field.

    _: ~
    user: user1
    password: 12345
    

Fields type

  • textedit - supports
    • autotype of selected text
    • MarkDown read only view
  • texteditMasked
  • text
  • url
  • password
  • totp
  • datetime

Changing password

Autotype types the last saved value.

After duplicating the current field with an "OLD_" prefix ("OLD_password") in edit field type, remember to save.

Right-click tree view

(Not git aware)

  • Add folder.

  • Delete selected.

  • Rename selected.

  • Move selected using drag and drop.

    Move is available only within the same .gpg authorization folder.

Case insensitive search

  • Default search is case-sensitive (using std::find). To make it case-insensitive, add an additional .* to the regex.

For example: .*WhatEver.*.* (beware of the std::regex bug in Linux gcc 14).

install platform specific

  • Rnp does not self-sign your ID, so import the public ID in pass-simple using gnupg mode.

    On Windows, gnupg mode is not applicable, so:

    $ gpg --edit-key jane@acme.org
    gpg> lsign
    gpg> y
    gpg> save
    
  • On Windows, use gopass instead of pass.

Mandatory

  1. Create a note with the pass command line and ensure all is well.

    pass
    pass edit whatever
    
  2. Ensure you can read and write the test note created before.

  3. Set up git

    Avoid this step by using gopass clone.

  • If not using gopass:

    Prefer the manual setup to ensure an absolute gpg path; it is also mandatory after git clone.

    # New repository
    git init  
    echo '*.gpg diff=gpg' > ".gitattributes"
    # New and Cloned repository
    git config --local diff.gpg.binary true
    git config --local diff.gpg.textconv "`which gpg` -d --quiet --yes --compress-algo=none --no-encrypt-to"
    

    Or use pass, then correct diff.gpg.textconv with the command above.

    export PASSWORD_STORE_DIR=/Volumes/volume\ name/password-store
    pass git init
    
  4. Ensure you can git commit -am "commit".

  5. Create an additional change and ensure you can git diff HEAD~ and see the last change in clear text.

  6. Set restoreWindows in vscode to folder or none

    It is always good practice to close all open vscode tabs before closing pass simple; otherwise vscode might recreate the temporary files that were edited.

Optional/Advanced

  1. Protect your '.gpg-id' or specific folders with a Git-Enforced Policy (git server and client hooks)

    https://git-scm.com/book/en/v2/Customizing-Git-An-Example-Git-Enforced-Policy

  2. Use disk encryption - tomb/veracrypt or mac's diskutil to protect the repository itself.

    The password for the disk encryption can be stored in the default repository (~/.password-store/), and the mounted encrypted repository can then be linked with ln -s (like mounts in gopass).

  3. Consider using a yubikey or moving secret keys to a USB drive

    Use subkey rotation for different devices, or ADSK for team members.

  4. Back up your store to another drive or a remote ssh server

    https://stackoverflow.com/questions/39471072/how-to-create-a-local-push-destination-on-a-hard-disk-using-git

    Ensure you can git pull and git push

  5. Protect the application configuration file as read-only with chmod or AppArmor
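One way to implement the client-side half of item 1, as an added example that is not from the pass-simple project: a pre-commit hook that blocks commits touching a .gpg-id file (the file pass reads to decide which keys entries are encrypted to) or a protected folder. PROTECTED_DIRS, ALLOW_PROTECTED_CHANGE and protected_changes are names assumed here.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# PROTECTED_DIRS: space-separated folders (no spaces in names), e.g. "team/prod".
PROTECTED_DIRS="${PROTECTED_DIRS:-}"

# Read changed paths on stdin (one per line) and print those that are a
# recipient file (.gpg-id at any depth) or live under a protected folder.
protected_changes() {
    while IFS= read -r path; do
        case "$path" in
            .gpg-id|*/.gpg-id) printf '%s\n' "$path"; continue ;;
        esac
        for dir in $PROTECTED_DIRS; do
            case "$path" in
                "$dir"/*) printf '%s\n' "$path"; break ;;
            esac
        done
    done
}

# Run the check only when git invokes this file as the pre-commit hook.
if [ "${0##*/}" = "pre-commit" ]; then
    hits=$(git diff --cached --name-only | protected_changes)
    if [ -n "$hits" ] && [ "${ALLOW_PROTECTED_CHANGE:-0}" != 1 ]; then
        echo "Refusing commit, protected paths changed:" >&2
        echo "$hits" >&2
        exit 1
    fi
fi
```

Client hooks can be skipped with git commit --no-verify, so the same path check belongs in a server-side update hook as well, as the linked Git book chapter describes.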

Windows specific

On Windows, pass simple runs natively with the Rnpgp and gnupg backends. Back up your gnupg keys before converting from sqlite to kbx.

install software

  1. install gpg4win

    winget install gpg4win

  2. install chocolatey (via copy-paste into PowerShell)

    https://chocolatey.org/install

  3. install gopass

    choco install gopass

    https://github.com/gopasspw/gopass/blob/master/docs/setup.md

  4. initialize gopass with gopass setup

  5. list keys, and inspect store location and key format.

    gpg --list-keys

  6. convert gpg4win sqlite to kbx using gpg-disable-keyboxd.

    https://gpg4win.org/version4.2.html

  7. use gopass to create and edit a test document.

  8. Run NSIS installer executable

    Or manually extract the deployed Windows zip folder and run pass-simple.exe from Windows Explorer (the application is not signed, so confirm the security screen).

  9. Windows does not treat names with a leading dot as hidden, so run the following at the root of the repository:

    Get-ChildItem -Path . -Force -Filter ".*" | ForEach-Object { $_.Attributes = 'Hidden' }

Mac specific

  1. Install pass

    brew install pass pinentry-mac
    
    echo "pinentry-program `which pinentry-mac`" >> ~/.gnupg/gpg-agent.conf
    
    gpgconf --kill gpg-agent
    
    defaults write org.gpgtools.common UseKeychain -bool NO
    
  2. Install pass-simple

    brew install --cask shemeshg/homebrew-tap/pass-simple
    
  3. "XYZ Is Damaged and Can’t Be Opened. You Should Move It To The Trash"

    See https://discussions.apple.com/thread/253714860?sortBy=rank

    xattr -c /Applications/pass-simple.app/
    codesign --force --deep --sign - /Applications/pass-simple.app
    
  4. Mac has no /dev/shm; you can create a temporary RAM drive after every boot with:

    diskutil erasevolume HFS+ RAM_Disk_4G `hdiutil attach -nomount ram://8192000`
    
  5. alias for cli

    alias pass-simple='nohup /Applications/pass-simple.app/Contents/MacOS/pass-simple > /dev/null 2>&1 &'
    

dev packages

    brew install gpgme libgpg-error pinentry-mac
    brew tap rnpgp/rnp
    brew install rnp

Ubuntu specific

The .deb file and the .zip files are already qt-deployed. If you are using another distro such as Fedora, you can extract the contents of the .deb file or download the linux zip, extract it to /opt and run.

  1. Download the deb file and install

    sudo dpkg -r pass-simple
    sudo dpkg -i ./pass-simple-1.x.x-Linux.deb    
    

    On Ubuntu 24.04, run sudo apt --fix-broken install and repeat.

  2. Install dependencies if you compile yourself (or are not using the deb file)

    sudo apt-get -y  install pass gnupg2 libgpgme-dev libgpgmepp-dev libbz2-dev libjson-c-dev
    
  3. Install ydotool autotype.

    For manual compilation see https://askubuntu.com/questions/1413829/how-can-i-install-the-latest-ydotool-1-0-1-keyboard-automation-tool-working-on

  • sudo cp /usr/lib/systemd/user/ydotoold.service /etc/systemd/system

  • sudo service ydotool start

  • sudo systemctl enable ydotool

  • ensure export YDOTOOL_SOCKET=/tmp/.ydotool_socket in /opt/pass-simple/bin/pass-simple.sh.

  • Open pass-simple and select setting.

    set autotype to

    ydotool type sequence
    

If you compile yourself

  1. If you compile rnpgp yourself, follow https://www.rnpgp.org/software/rnp/docs/installation/ and install the botan version as requested in the document.

  2. install qt https://web.stanford.edu/dept/cs_edu/resources/qt/install-linux

    Notice: Qt6 packages in the deb repository are broken, so download the installer from Qt.com

  3. pull submodules

    https://stackoverflow.com/questions/1030169/pull-latest-changes-for-all-git-submodules

  4. qt-cmake and build.

    ~/Qt/6.5.0/gcc_64/bin/qt-cmake -DCMAKE_BUILD_TYPE=Release ../pass-simple-qt/
    cmake --build .
    

keyboard shortcuts

Cmd S Save in preview mode.

Cmd F Toggle Find/search.

Cmd T Toggle tree view.

Cmd , Toggle Settings.

Cmd M Toggle Markdown.

Cmd Y Sync - Add,commit,pull and push.

Cmd L Toggle text and YAML in preview mode.

Cmd Shift L Logout - End gpg session, clear clipboard and search fields.

Cmd U Open Url field found (YAML mode only).

Cmd E Toggle Preview On/Off.

Cmd O Open externally with vscode (available when Preview is ON or OFF).

LICENSE

https://github.com/shemeshg/pass-simple-qt/blob/main/LICENSE