/gopass

An experimental fork of gopass, the "slightly more awesome standard unix password manager for teams"

Primary LanguageGoMIT LicenseMIT

gopass

Build Status Go Report Card MIT License Github All Releases

This is an experimental fork of the gopass password manager. I really like the functionality provided by gopass, but the interface just doesn't feel right for me personally. I think it's just a bit too "playful" for my tastes. As part of my journey to learn more about the Go language, I decided to experiment with gopass to see if I can create a cleaner, more professional interface along the lines of the GitHub CLI Design Guidelines.

I've also been getting more and more frustrated with how cumbersome GPG encryption is to use. I've become quite interested in the age encryption algorithm used in passage, a fork of the original ZX2C4 pass password manager. gopass already has some support for age encryption, but I think it would also be interesting to try to implement full interoperability with passage.

Note that updating this README will probably be one of the last things to get done, so the following information may be out-of-sync with the actual implementation for quite some time.

Introduction

gopass is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, MacOS, BSD, Windows).

For detailed usage and installation instructions please check out our documentation.

Features

Please see docs/features.md for an extensive list of all features along with several usage examples. Some examples are available in our example password store.

Feature State Description
Secure secret storage stable Securely storing encrypted secrets
Multiple stores stable Mount multiple stores in your root store, like file systems
Recipient management stable Easily manage multiple users of each store
password quality assistance beta Checks existing or new passwords for common flaws offline
password leak checker integration Perform offline checks against known leaked passwords using gopass-hibp
PAGER support stable Automatically invoke a pager on long output
JSON API integration Allow gopass to be used as a native extension for browser plugins
Automatic fuzzy search stable Automatically search for matching store entries if a literal entry was not found
gopass sync stable Easy to use syncing of remote repos and GPG keys
OTP support stable Generate TOTP/(HOTP) tokens based on the stored secret
Extensions Extend gopass with custom commands using our API
Fully open source! No need to trust it, check our code and/or improve it!

Design Principles

Gopass is a versatile command line based password manager that is being developed with the following principles in mind:

  • Easy: For technical users (i.e. those who are used to the command line) it should be easy to get started with gopass.
  • Secure: Security is hard. We aim to make it as easy as possible while still providing a good level of protection against common adversaries. Caution: If your personal threat level is very high, we might not offer a good tool for you.
  • Extensible: While Gopass includes a fair amount of useful features, we can't cover every use-case. To support more special use cases we want to provide a clean and simple API to integration gopass into your own binaries.

Installation

Please see docs/setup.md.

If you have Go 1.18 (or greater) installed:

go install github.com/kpitt/gopass@latest

(and make sure your $GOBIN is in your $PATH.)

WARNING: Please prefer releases, unless you want to contribute to the development of gopass. The master branch might not be stable and can contain breaking changes without any notice.

Getting Started

Either initialize a new git repository or clone an existing one.

New password store

$ gopass init

Initializing a new password store:

- Searching for usable private keys...
! Hint: Use 'gopass init <subkey> to use subkeys!'
? Please select a private key for encrypting secrets:
[0] gpg - 0xFEEDBEEF - John Doe <john.doe@example.org>
Please enter the number of a key (0-12, [q]uit) (q to abort) [0]: 0
✓ Wrote recipients to .gpg-id
git initialized at ~/.local/share/gopass/stores/root
git configured at ~/.local/share/gopass/stores/root
Initialized git repository for "John Doe" <john.doe@example.org>...
✓ Password store ~/.local/share/gopass/stores/root initialized for:
- 0xFEEDBEEF - John Doe <john.doe@example.org>

Hint: gopass init will use gpg encryption and git storage by default.

Existing password store

$ gopass clone git@gitlab.example.org:john/passwords.git

Cloning existing password store from "git@gitlab.example.org:john/passwords.git"...

! Cloning git repository "git@gitlab.example.org:john/passwords.git" to "/home/john/.local/share/gopass/stores/root"...
! Configuring git repository...
- Gathering information for the git repository...
? What is your name? [John Doe]:
? What is your email? [john.doe@example.org]:
Your password store is ready to use! Have a look around: `gopass list`

Upgrade

To upgrade with Go installed, run:

go install github.com/kpitt/gopass@latest

Otherwise, use your package manager to upgrade or use the setup docs mentioned in the installation section to reinstall the latest version.

Development

This project uses GitHub Flow. In other words, create feature branches from master, open an PR against master, and rebase onto master if necessary.

We aim for compatibility with the latest stable Go Release only.

While this project is maintained by volunteers in their free time we aim to triage issues weekly and release a new version at least every quarter.

Credit & License

gopass is licensed under the terms of the MIT license. You can find the complete text in LICENSE.

Please refer to the Git commit log for a complete list of contributors.

Community

gopass is developed in the open. Here are some of the channels we use to communicate and contribute:

Integrations

Mobile apps

Related Projects

  • pass - The inspiration for this project, by Jason A. Donenfeld. gopass is a drop-in replacement for pass and can be used interchangeably (mostly!).
  • passage - passage is a fork of password-store that uses age as a backend instead of GnuPG. gopass has some amount of support for passage but cannot be used fully interchangeably as of today. This might change in the future.

Contributing

We welcome any contributions. Please see the CONTRIBUTING.md file for instructions on how to submit changes.

Further Documentation

External Documentation