🧪 Skills

pass - stores, retrieves, generates, and synchronizes passwords securely

Complete guide for using pass, the standard Unix password manager. Use this skill whenever the user asks about pass, password-store, managing passwords from...

v1.0.0
❤️ 0
⬇️ 191
👁 1
Save📁 Collect
Share

Description

name: pass description: > Complete guide for using pass, the standard Unix password manager. Use this skill whenever the user asks about pass, password-store, managing passwords from the terminal, GPG-encrypted passwords, setting up pass for the first time, inserting or generating passwords, syncing a password store with git, using pass-otp for TOTP codes, importing passwords from another manager, or any task involving the pass CLI. Trigger on phrases like "set up pass", "add a password to pass", "sync my password store", "generate a password", "pass git", "pass-otp", "pass-import", or any variation.

pass — The Standard Unix Password Manager

Each password is a GPG-encrypted file under ~/.password-store/. The store is plain files in a folder hierarchy; no proprietary formats, no daemon.

1. Installation

Linux

Distro Command
Arch / Manjaro pacman -S pass
Debian / Ubuntu apt install pass
Fedora / RHEL dnf install pass
openSUSE zypper in password-store

macOS

brew install pass

2. GPG Key Setup

pass requires a GPG key. Skip this block if you already have one.

# Generate a new key (use RSA 4096 or ed25519)
gpg --full-generate-key

# List your keys — note the key ID or email
gpg --list-secret-keys --keyid-format LONG

The key ID looks like 3AA5C34371567BD2 or you can use the email you registered.

3. Initialise the Store

pass init "your@email.com"
# or using the key ID:
pass init 3AA5C34371567BD2

This creates ~/.password-store/ and a .gpg-id file.

Multiple GPG IDs are supported (for team use):

pass init alice@example.com bob@example.com

Use -p to scope a different GPG key to a subfolder (useful for shared stores):

pass init -p work/ work@company.com

Running pass init on an existing store re-encrypts all entries with the new key(s).

4. Data Organisation Convention

Store each entry as a multiline file with this structure:

<password>
url: https://example.com
username: you@example.com
notes: anything extra
  • First line is always the password. pass -c and clipboard tools only copy line 1.
  • Use lowercase keys (url:, username:, notes:) for compatibility with browser extensions and pass-import.
  • Organise with folders that mirror context, not the URL structure:
~/.password-store/
├── email/
│   ├── gmail
│   └── fastmail
├── dev/
│   ├── github
│   └── npm
└── finance/
    ├── bank-hsbc
    └── revolut

5. Daily Usage

List the store

pass                       # full tree
pass email/                # subtree
pass ls email/             # explicit alias

Find entries by name

pass find github           # lists all entries whose path matches "github"

Read a password

pass email/gmail           # print all lines to stdout
pass -c email/gmail        # copy line 1 to clipboard (clears after 45s)
pass -c2 email/gmail       # copy line 2 (e.g. the username) to clipboard

Search inside decrypted content

pass grep username         # grep across all decrypted entries
pass grep -i "amazon"      # case-insensitive; accepts any grep option

Insert an existing password

pass insert email/gmail              # prompted twice for confirmation
pass insert -e email/gmail           # echo password as you type (single prompt)
pass insert -m email/gmail           # multiline (recommended, ends with Ctrl-D)
pass insert -f email/gmail           # overwrite without prompt

Generate a new password

pass generate email/gmail            # 25-char password (default length)
pass generate email/gmail 20        # custom length
pass generate -n email/gmail 20     # no symbols
pass generate -c email/gmail 20     # copy to clipboard instead of printing
pass generate -i email/gmail 20     # replace only line 1, keep rest of file
pass generate -f email/gmail 20     # overwrite without prompt

Edit an entry

pass edit email/gmail      # opens $EDITOR; creates entry if it doesn't exist

Remove an entry

pass rm email/gmail
pass rm -r email/          # remove a folder recursively
pass rm -f email/gmail     # no confirmation prompt

Move / copy

pass mv email/gmail email/gmail-old
pass mv -f email/gmail email/gmail-old   # overwrite without prompt
pass cp email/gmail backup/gmail
pass cp -f email/gmail backup/gmail      # overwrite without prompt

6. Git Sync

Initialise git inside the store:

pass git init
pass git remote add origin git@github.com:you/pass-store.git

Every pass insert, generate, edit, rm automatically creates a git commit. Push and pull manually:

pass git push
pass git pull

To clone the store on another machine:

# Import your GPG key first:
gpg --import private-key.asc
gpg --edit-key your@email.com  # then: trust → 5 → quit

# Clone the store:
git clone git@github.com:you/pass-store.git ~/.password-store

7. Extensions

pass-otp (TOTP / 2FA codes)

# Install
pacman -S pass-otp          # Arch
brew install pass-otp       # macOS

# Add a TOTP secret (use the otpauth:// URI from your provider)
pass otp insert totp/github
# paste: otpauth://totp/GitHub:you@example.com?secret=BASE32SECRET&issuer=GitHub

# Generate a code
pass otp totp/github

# Copy to clipboard
pass otp -c totp/github

pass-import (migrate from another manager)

pip install pass-import    # or: pacman -S pass-import

# Import from Bitwarden (JSON export)
pass import bitwarden bitwarden-export.json

# Import from 1Password (1PUX export)
pass import 1password export.1pux

# List all supported formats
pass import --list

pass-update

# Install
git clone https://github.com/roddhjav/pass-update ~/.password-store/.extensions/update.bash

# Update a password interactively
pass update email/gmail

8. Shell Completion

# bash — add to ~/.bashrc
source /usr/share/bash-completion/completions/pass

# zsh — add to ~/.zshrc
autoload -U compinit && compinit

# fish — works out of the box after install

9. Useful Environment Variables

Variable Purpose
PASSWORD_STORE_DIR Override default ~/.password-store
PASSWORD_STORE_KEY Default GPG key ID
PASSWORD_STORE_GIT Override git directory
PASSWORD_STORE_CLIP_TIME Seconds before clipboard clears (default 45)
PASSWORD_STORE_ENABLE_EXTENSIONS Set to true to enable user extensions
EDITOR Editor used by pass edit

10. Troubleshooting

gpg: decryption failed: No secret key Your GPG key is not available. Import it with gpg --import and set trust.

gpg-agent keeps asking for passphrase Add to ~/.gnupg/gpg-agent.conf:

default-cache-ttl 3600
max-cache-ttl 14400

Then restart: gpgconf --kill gpg-agent

Clipboard does not clear on Wayland Install wl-clipboard and set PASSWORD_STORE_CLIP_TOOL=wl-copy or pass -c with wl-clipboard in PATH.

pass git shows dirty tree after clone Run pass git status; if only .gpg-id is untracked, run pass git add . and pass git commit -m "add gpg-id".

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k