PLASS(1) General Commands Manual PLASS(1)

plassmanage passwords

plass [-h] command [argument ...]

plass is a password manager. Every password lives inside a gpg(1) encrypted file somewhere inside ~/.password-store which is managed with the got(1) version control system to keep track of changes, recovery accidental overwrites and synchronize it across devices.

The options are as follows:

Display usage information and exit immediately.

The following commands are available:

entries ...
Decrypt and print the content of entries in the given order.
Interactively modify the content of the given entry with an editor.
Print the entries of the store one per line, optionally filtered by the case-insensitive extended regular expression pattern.
from to
Rename a password entry, doesn't work with directories. from must exist and to mustn't.
entries ...
Remove the given entries from the store.
[-q] entry
Persist the data read from standard input into the store under the given entry name and then print it again on the standard output unless the -q option is given.

Password entries can be referenced using the path relative to the store directory. The file extension “.gpg” can be omitted.

Path to the gpg(1) executable.
Alternative path to the password store directory tree.
The editor spawned by plass edit. If not set, the ed(1) text editor will be used to give it the attention it deserves.

Default password store.
File containing the GPG recipient used to encrypt the passwords.

The plass utility exits 0 on success, and >0 if an error occurs.

A got repository and password store can be initialized as follows:

$ mkdir ~/.password-store
$ echo > ~/.password-store/.gpg-id
$ gotadmin init ~/git/pass.git
$ got import -r ~/git/pass.git -m 'initial import' ~/.password-store
$ got checkout -E ~/git/pass.git ~/.password-store

see got(1) for more information.

To migrate from pass(1), delete ~/.password-store and check out it again using got(1).

Generate a random password and save it to the clipboard:

$ pwg | plass tee entry/name | xsel -b

Generate a TOTP token using the secret stored in the password store:

$ plass cat 2fa/codeberg/op | totp

Interactively edit the contents of entry/name with mg(1):

$ env VISUAL=mg plass edit entry/name

Display the entries matching ‘key’ arranged comfortably for reading in a terminal window:

$ plass find key | rs

Enable tab-completion of plass command names and entries in ksh(1):

$ set -A complete_plass_1 -- cat edit find mv rm tee
$ set -A complete_plass -- $(plass find)

got(1), gpg(1), pwg(1), totp(1)

plass was heavily influenced by pass(1) in the design, but it's a different implementation that prioritizes ease of use and composability.

The plass utility was written by Omar Polo <>.

plass find output format isn't designed to handle files containing newlines. Use find(1) -print0 or similar if it's a concern.

plass mv is not able to move directory trees, only file entries.

There isn't an init sub-command, the store initialization must be performed manually.

August 30, 2023 OpenBSD 7.4