gopass
This is an experimental fork of the gopass password manager. I really like the functionality provided by gopass, but the interface just doesn't feel right for me personally. I think it's just a bit too "playful" for my tastes. As part of my journey to learn more about the Go language, I decided to experiment with gopass to see if I can create a cleaner, more professional interface along the lines of the GitHub CLI Design Guidelines.
I've also been getting more and more frustrated with how cumbersome GPG encryption is to use. I've become quite interested in the age encryption algorithm used in passage, a fork of the original ZX2C4 pass password manager. gopass already has some support for age encryption, but I think it would also be interesting to try to implement full interoperability with passage.
Note that updating this README will probably be one of the last things to get done, so the following information may be out-of-sync with the actual implementation for quite some time.
Introduction
gopass is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, MacOS, BSD, Windows).
For detailed usage and installation instructions please check out our documentation.
Features
Please see docs/features.md for an extensive list of all features along with several usage examples. Some examples are available in our example password store.
| Feature | State | Description |
|---|---|---|
| Secure secret storage | stable | Securely storing encrypted secrets |
| Multiple stores | stable | Mount multiple stores in your root store, like file systems |
| Recipient management | stable | Easily manage multiple users of each store |
| password quality assistance | beta | Checks existing or new passwords for common flaws offline |
| password leak checker | integration | Perform offline checks against known leaked passwords using gopass-hibp |
| PAGER support | stable | Automatically invoke a pager on long output |
| JSON API | integration | Allow gopass to be used as a native extension for browser plugins |
| Automatic fuzzy search | stable | Automatically search for matching store entries if a literal entry was not found |
| gopass sync | stable | Easy to use syncing of remote repos and GPG keys |
| OTP support | stable | Generate TOTP/(HOTP) tokens based on the stored secret |
| Extensions | Extend gopass with custom commands using our API | |
| Fully open source! | No need to trust it, check our code and/or improve it! |
Design Principles
Gopass is a versatile command line based password manager that is being developed with the following principles in mind:
- Easy: For technical users (i.e. those who are used to the command line) it should be easy to get started with gopass.
- Secure: Security is hard. We aim to make it as easy as possible while still providing a good level of protection against common adversaries. Caution: If your personal threat level is very high, we might not offer a good tool for you.
- Extensible: While Gopass includes a fair amount of useful features, we can't cover every use-case. To support more special use cases we want to provide a clean and simple API to integration gopass into your own binaries.
Installation
Please see docs/setup.md.
If you have Go 1.18 (or greater) installed:
go install github.com/kpitt/gopass@latest(and make sure your $GOBIN is in your $PATH.)
WARNING: Please prefer releases, unless you want to contribute to the development of gopass. The master branch might not be stable and can contain breaking changes without any notice.
Getting Started
Either initialize a new git repository or clone an existing one.
New password store
$ gopass init
Initializing a new password store:
- Searching for usable private keys...
! Hint: Use 'gopass init <subkey> to use subkeys!'
? Please select a private key for encrypting secrets:
[0] gpg - 0xFEEDBEEF - John Doe <john.doe@example.org>
Please enter the number of a key (0-12, [q]uit) (q to abort) [0]: 0
✓ Wrote recipients to .gpg-id
git initialized at ~/.local/share/gopass/stores/root
git configured at ~/.local/share/gopass/stores/root
Initialized git repository for "John Doe" <john.doe@example.org>...
✓ Password store ~/.local/share/gopass/stores/root initialized for:
- 0xFEEDBEEF - John Doe <john.doe@example.org>
Hint: gopass init will use gpg encryption and git storage by default.
Existing password store
$ gopass clone git@gitlab.example.org:john/passwords.git
Cloning existing password store from "git@gitlab.example.org:john/passwords.git"...
! Cloning git repository "git@gitlab.example.org:john/passwords.git" to "/home/john/.local/share/gopass/stores/root"...
! Configuring git repository...
- Gathering information for the git repository...
? What is your name? [John Doe]:
? What is your email? [john.doe@example.org]:
Your password store is ready to use! Have a look around: `gopass list`
Upgrade
To upgrade with Go installed, run:
go install github.com/kpitt/gopass@latestOtherwise, use your package manager to upgrade or use the setup docs mentioned in the installation section to reinstall the latest version.
Development
This project uses GitHub Flow. In other words, create feature branches from master, open an PR against master, and rebase onto master if necessary.
We aim for compatibility with the latest stable Go Release only.
While this project is maintained by volunteers in their free time we aim to triage issues weekly and release a new version at least every quarter.
Credit & License
gopass is licensed under the terms of the MIT license. You can find the complete text in LICENSE.
Please refer to the Git commit log for a complete list of contributors.
Community
gopass is developed in the open. Here are some of the channels we use to communicate and contribute:
- Issue tracker: Use the GitHub issue tracker to file bugs and feature requests.
Integrations
- gopassbridge: Browser plugin for Firefox, Chrome and other Chromium based browsers
- gopass-ui: Graphical user interface for gopass
- kubectl gopass: Kubernetes / kubectl plugin to support reading and writing secrets directly from/to gopass.
- gopass alfred: Alfred workflow to use gopass from the Alfred Mac launcher
- git-credential-gopass: Integrate gopass as an git-credential helper
- gopass-hibp: haveibeenpwned.com leak checker
- gopass-jsonapi: native messaging for browser plugins, e.g. gopassbridge
- gopass-summon-prover: gopass as a summon provider
terraform-provider-gopass: a Terraform provider to interact with gopass- chezmoi: dotfile manager with gopass support
- tessen: autotype and copy gopass data on wayland compositors on Linux
- raycast-gopass: a gopass extension for Raycast Mac launcher
Mobile apps
- Pass - Password Store - iOS, source code, supports only 1 repository now
- Password Store - Android
Related Projects
- pass - The inspiration for this project, by Jason A. Donenfeld.
gopassis a drop-in replacement forpassand can be used interchangeably (mostly!). - passage - passage is a fork of password-store that uses
age as a backend instead of GnuPG.
gopasshas some amount of support forpassagebut cannot be used fully interchangeably as of today. This might change in the future.
Contributing
We welcome any contributions. Please see the CONTRIBUTING.md file for instructions on how to submit changes.