plass is a simple password manager.
Passwords are stored as a directory tree where every password is a file
encrypted with gpg(1).
A password store is a got(1) repository with a worktree checked out at
PLASS_STORE). The only restriction is that a special
file called .gpg-id containing the GPG recipient
must exist in the root of the directory tree for most
plass commands to work.
Password entries can be referenced using the path relative to the store directory. The file extension “.gpg” is optional.
plass provides global and command-specific
options. Global options must precede the command name, and are as
- Display usage information and exit immediately.
The following commands are available:
- Decrypt and print the content of entries in the given order.
- Print the entries of the store one per line, optionally filtered by pattern.
- Generate and persist a password for the given entry
in the store.
-ccan be used to control the characters allowed in the password (by default “!-~” i.e. all the printable ASCII characters) and
-lthe length (32 by default). Unless the
-qflag is provided, print the generated password. If the
-nflag is given the password won't be persisted and the entry argument is optional.
- Rename a password entry, doesn't work with directories. from must exist and to mustn't.
- Remove the given entries from the store.
- Persist the data read from standard input into the store under the given
entry name and the print it again on the standard
output unless the
-qoption is given.
- default range of characters to use to generate passwords.
- Path to the got(1) executable.
- Path to the gpg(1) executable.
- Default length for the generated passwords.
- Path to the password store directory tree.
- Password store used by default.
- File containing the GPG recipient used to encrypt the passwords.
plass utility exits 0 on
success, and >0 if an error occurs.
A got repository and password store can be initialized as follows:
$ mkdir ~/.password-store $ echo email@example.com > ~/.password-store/.gpg-id $ gotadmin init ~/git/pass.git $ got import -r ~/git/pass.git -m 'initial import' ~/.password-store $ got checkout -E ~/git/pass.git ~/.password-store
see got(1) for more information.
To migrate from pass(1), delete ~/.password-store and check out it again using got(1).
To generate a temporary random password use
$ plass gen -n
Display the entries matching ‘key’ arranged comfortably for reading in a terminal window:
$ plass find key | rs
got(1), gpg(1), pass(1)
plass was heavily influenced by
pass(1) in the design, but
it's a different implementation that prioritizes ease of use and
plass utility was written by
format isn't designed to handle files containing newlines. Use
-print0 or similar if it's a concern.
mv is not
able to move directory trees, only file entries.
There isn't a
init sub-command, the store
initialization must be performed manually.