This is an experimental fork of the gopass password manager. I really like the functionality provided by gopass
, but the interface just doesn't feel right for me personally. I think it's just a bit too "playful" for my tastes. As part of my journey to learn more about the Go language, I decided to experiment with gopass
to see if I can create a cleaner, more professional interface along the lines of the GitHub CLI Design Guidelines.
I've also been getting more and more frustrated with how cumbersome GPG encryption is to use. I've become quite interested in the age encryption algorithm used in passage, a fork of the original ZX2C4 pass password manager. gopass
already has some support for age encryption, but I think it would also be interesting to try to implement full interoperability with passage
.
Note that updating this README will probably be one of the last things to get done, so the following information may be out-of-sync with the actual implementation for quite some time.
gopass is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, MacOS, BSD, Windows).
For detailed usage and installation instructions please check out our documentation.
Please see docs/features.md for an extensive list of all features along with several usage examples. Some examples are available in our example password store.
Feature | State | Description |
---|---|---|
Secure secret storage | stable | Securely storing encrypted secrets |
Multiple stores | stable | Mount multiple stores in your root store, like file systems |
Recipient management | stable | Easily manage multiple users of each store |
password quality assistance | beta | Checks existing or new passwords for common flaws offline |
password leak checker | integration | Perform offline checks against known leaked passwords using gopass-hibp |
PAGER support | stable | Automatically invoke a pager on long output |
JSON API | integration | Allow gopass to be used as a native extension for browser plugins |
Automatic fuzzy search | stable | Automatically search for matching store entries if a literal entry was not found |
gopass sync | stable | Easy to use syncing of remote repos and GPG keys |
OTP support | stable | Generate TOTP/(HOTP) tokens based on the stored secret |
Extensions | Extend gopass with custom commands using our API | |
Fully open source! | No need to trust it, check our code and/or improve it! |
Gopass is a versatile command line based password manager that is being developed with the following principles in mind:
- Easy: For technical users (i.e. those who are used to the command line) it should be easy to get started with gopass.
- Secure: Security is hard. We aim to make it as easy as possible while still providing a good level of protection against common adversaries. Caution: If your personal threat level is very high, we might not offer a good tool for you.
- Extensible: While Gopass includes a fair amount of useful features, we can't cover every use-case. To support more special use cases we want to provide a clean and simple API to integration gopass into your own binaries.
Please see docs/setup.md.
If you have Go 1.18 (or greater) installed:
go install github.com/kpitt/gopass@latest
(and make sure your $GOBIN
is in your $PATH
.)
WARNING: Please prefer releases, unless you want to contribute to the development of gopass. The master branch might not be stable and can contain breaking changes without any notice.
Either initialize a new git repository or clone an existing one.
$ gopass init
Initializing a new password store:
- Searching for usable private keys...
! Hint: Use 'gopass init <subkey> to use subkeys!'
? Please select a private key for encrypting secrets:
[0] gpg - 0xFEEDBEEF - John Doe <john.doe@example.org>
Please enter the number of a key (0-12, [q]uit) (q to abort) [0]: 0
✓ Wrote recipients to .gpg-id
git initialized at ~/.local/share/gopass/stores/root
git configured at ~/.local/share/gopass/stores/root
Initialized git repository for "John Doe" <john.doe@example.org>...
✓ Password store ~/.local/share/gopass/stores/root initialized for:
- 0xFEEDBEEF - John Doe <john.doe@example.org>
Hint: gopass init
will use gpg
encryption and git
storage by default.
$ gopass clone git@gitlab.example.org:john/passwords.git
Cloning existing password store from "git@gitlab.example.org:john/passwords.git"...
! Cloning git repository "git@gitlab.example.org:john/passwords.git" to "/home/john/.local/share/gopass/stores/root"...
! Configuring git repository...
- Gathering information for the git repository...
? What is your name? [John Doe]:
? What is your email? [john.doe@example.org]:
Your password store is ready to use! Have a look around: `gopass list`
To upgrade with Go installed, run:
go install github.com/kpitt/gopass@latest
Otherwise, use your package manager to upgrade or use the setup docs mentioned in the installation section to reinstall the latest version.
This project uses GitHub Flow. In other words, create feature branches from master, open an PR against master, and rebase onto master if necessary.
We aim for compatibility with the latest stable Go Release only.
While this project is maintained by volunteers in their free time we aim to triage issues weekly and release a new version at least every quarter.
gopass is licensed under the terms of the MIT license. You can find the complete text in LICENSE
.
Please refer to the Git commit log for a complete list of contributors.
gopass is developed in the open. Here are some of the channels we use to communicate and contribute:
- Issue tracker: Use the GitHub issue tracker to file bugs and feature requests.
- gopassbridge: Browser plugin for Firefox, Chrome and other Chromium based browsers
- gopass-ui: Graphical user interface for gopass
- kubectl gopass: Kubernetes / kubectl plugin to support reading and writing secrets directly from/to gopass.
- gopass alfred: Alfred workflow to use gopass from the Alfred Mac launcher
- git-credential-gopass: Integrate gopass as an git-credential helper
- gopass-hibp: haveibeenpwned.com leak checker
- gopass-jsonapi: native messaging for browser plugins, e.g. gopassbridge
- gopass-summon-prover: gopass as a summon provider
terraform-provider-gopass
: a Terraform provider to interact with gopass- chezmoi: dotfile manager with gopass support
- tessen: autotype and copy gopass data on wayland compositors on Linux
- raycast-gopass: a gopass extension for Raycast Mac launcher
- Pass - Password Store - iOS, source code, supports only 1 repository now
- Password Store - Android
- pass - The inspiration for this project, by Jason A. Donenfeld.
gopass
is a drop-in replacement forpass
and can be used interchangeably (mostly!). - passage - passage is a fork of password-store that uses
age as a backend instead of GnuPG.
gopass
has some amount of support forpassage
but cannot be used fully interchangeably as of today. This might change in the future.
We welcome any contributions. Please see the CONTRIBUTING.md file for instructions on how to submit changes.