Pass: Unix Password Manager

Posted by Bogdanp 9/13/2025

Pass: Unix Password Manager(www.passwordstore.org)

329 points | 181 commentspage 3

johntash 9/14/2025|

Huh, I thought pass wasn't developed anymore for some reason. Glad to see it still is!

I haven't used pass in a long time, but I used gopass for a while in a small team and it was pretty great.

obk0943t 9/14/2025||

There is still no just-download clients for pass on mobile which I think is why it's not a good option

notpushkin 9/14/2025||

There’s one for Android, though it has been looking for a new maintainer for a while now: https://github.com/android-password-store/Android-Password-S...

Edit: looks like there’s a community fork now! https://github.com/agrahn/Android-Password-Store

tretiy3 9/14/2025||

Life saver! New version lacks OpenKeychain integration (they discuss in issues that it is also no longer maintained). Abandoned version of Android Password Store had some issues with embedded PGP manager and was not working for me. But this fork works!

braincat31415 9/14/2025|||

I use it inside termux on android. There is a termux pass package. But it might be hard to input a complex decryption password on the phone keyboard.

cramsession 9/14/2025|||

I ssh in from my phone, which works pretty well.

bharrison 9/14/2025||

Same

mattacular 9/14/2025||

there is for iOS - passforios - https://apps.apple.com/us/app/pass-password-store/id12058205...

works great.

jiehong 9/14/2025||

On MacOS, I tried using the Password App for passwords, but there is no cli to access it in scripts.

The keychain is accessible with a cli, but is not very nice to work with. Which is a bit sad, because being able to use touchid when running a script or signing commits would be nice.

awaymazdacx5 9/14/2025||

I have twelve ISBNs that I encrypt for passwords.

Depending on which genre, managing key-rings has element of physical security to encrypt signatures in terminal and bash shell.

For full disk encryption, genfstab and /boot/grub/grub.cfg should contain sigs for partitions.

echo42null 9/14/2025||

Best practice question for syncing pass across devices: Since exporting and re-importing the private key to a phone seems risky, is the recommended approach to generate a separate GPG key pair on the mobile device and re-encrypt secrets to it?

TiddoLangerak 9/14/2025||

I have a different pubkey per device. I store all the pubkeys in the pass repo, and have a shell script to re-encrypt everything with those keys. So when I add a new device, I just need to add its pubkey, and then re-encrypt on an existing device.

wkat4242 9/15/2025||

I use yubikey over nfc with my phone. This way the private key material never reaches the phone.

Using the openkeychain app and password store.

I have multiple yubikeys as target for each password of course.

rednafi 9/14/2025||

GPG is a big detractor, at least for me. Working with the GPG agent is usually a subpar, if not outright confusing, experience. I’d happily take a version that uses ssh-agent instead to achieve the same.

Kwpolska 9/14/2025||

Pass might work if you really like terminals and only use computers with a Unix-like OS. But if you use a phone, or Windows, pass is just too clunky to use.

realusername 9/14/2025||

I'm using pass on a phone with Termux.

Sure it's a bit clunky but it's been working since 2014 without any interrution or privacy leak. I can't say the same about most password manager.

johannes1234321 9/14/2025||

The android "Password Store" app is okay'ish, integrates with accessibility API to offer auto fill in many apps.

wkat4242 9/15/2025||

It's perfect for me. And on windows and Linux I use QtPass and the browserpass plugin

commandersaki 9/14/2025||

I love Jason Donenfeld’s work, but I don’t really see the point of pass compared to using an encrypted text file, the latter being far more ergonomic.

integralid 9/14/2025|

pass is easier for me - it enforces some reasonable structure, works well with other Unix tools, and has a built-in git support. You don't have to use "pass" command for everything, for example for getting passwords interactively I just combine fzf and gpg directly.

If encrypted file works for you, that's great! But thinks like syncing it across devices, accessing entries programmatically, a mobile app all require rolling something on your own - pass solves this for you (while still being very simple).

edoceo 9/14/2025||

This is the wirgeuard dude. Jason is one of the GOATs

marssaxman 9/14/2025|

This is very similar to the way my own jury-rigged password manager works. I didn't know there was an existing tool.

More comments...