/passweb

Web frontend to Pass password store

Primary LanguagePerlMIT LicenseMIT

Web frontend to Pass password store

passweb is a web-based front end to a pass compatible password store. The pass application itself is not required to use passweb.

Dependencies

To install all the dependencies in Fedora:

dnf install perl git gnupg pinentry-qt perl-HTTP-Server-Simple

Configuration

Make sure the pinentry program is specified in ~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-qt

If your remote password store git repository is accessed via ssh, setup ssh-agent.

Running

Start passweb specifiying the path to your password store and a port to use for the web interface:

passweb ~/password-store 1234 &

Point your browser to http://localhost:1234

Running in a container

passweb may also be run in a container. When running in a container the gpg passphrase is entered via the web interface instead of using the pinentry program. This documentation describes how to run the container using Podman but it should be similar for Docker.

Building the container

podman build -t passweb .

Initializing the container

The container uses a named volume for persistent storage. The volume contains the password store repository and ssh and git configurations.

Use the setup-container script to initialize the volume. Edit the variables at the top and run the script. It will copy your gpg configuration and ssh key to the volume. Then it will clone the password repository.

Running the container

podman run -d --rm --name passweb					      \
       -p 1234:1234							      \
       -v passweb:/home/passweb						      \
       -w /home/passweb							      \
       --user passweb							      \
       passweb passweb -c /home/passweb/password-store 1234

Adjust the port as necessary. You may also use the -t option to passweb to specify the timeout after which you need to re-enter the gpg passphrase. The default timeout is 60 seconds. The container uses ssh-agent to provide the ssh authentication for the git repository. Your ssh key password must be provided when the container is first run:

podman exec -it passweb ./agent

Now the container is configured and running. Point your browser to http://localhost:1234 Remember to re-run the agent script to provide your ssh key password if you restart the container.

Creating a pass compatible password store from scratch

gpg --gen-key				# generate gpg key
git init password-store			# initialize git repository
cd password-store
echo user@example.com > .gpg-id		# gpg id(s) to use for password store
git add .gpg-id
git commit -m "add .gpg-id" .gpg-id

Screenshots

Main

main

View

view

Edit

edit

License

Licensed under the MIT License, Copyright (c) 2025 Greg Renda