README
¶
gopass
Introduction
gopass is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, MacOS, BSD, Windows).
For detailed usage and installation instructions please check out our documentation.
Screenshot
Features
Please see docs/features.md for an extensive list of all features along with several usage examples. Some examples are available in our example password store.
| Feature | State | Description |
|---|---|---|
| Secure secret storage | stable | Securely storing encrypted secrets |
| Multiple stores | stable | Mount multiple stores in your root store, like file systems |
| Recipient management | stable | Easily manage multiple users of each store |
| password quality assistance | beta | Checks existing or new passwords for common flaws offline |
| password leak checker | integration | Perform offline checks against known leaked passwords using gopass-hibp |
| PAGER support | stable | Automatically invoke a pager on long output |
| JSON API | integration | Allow gopass to be used as a native extension for browser plugins |
| Automatic fuzzy search | stable | Automatically search for matching store entries if a literal entry was not found |
| gopass sync | stable | Easy to use syncing of remote repos and GPG keys |
| Desktop Notifications | stable | Display desktop notifications and completing long running operations |
| REPL | beta | Integrated Read-Eval-Print-Loop shell with autocompletion by running gopass. |
| OTP support | stable | Generate TOTP/(HOTP) tokens based on the stored secret |
| Extensions | Extend gopass with custom commands using our API | |
| Fully open source! | No need to trust it, check our code and/or improve it! |
Design Principles
Gopass is a versatile command line based password manager that is being developed with the following principles in mind:
- Easy: For technical users (i.e. those who are used to the command line) it should be easy to get started with gopass.
- Secure: Security is hard. We aim to make it as easy as possible while still providing a good level of protection against common adversaries. Caution: If your personal threat level is very high, we might not offer a good tool for you.
- Extensible: While Gopass includes a fair amount of useful features, we can't cover every use-case. To support more special use cases we want to provide a clean and simple API to integration gopass into your own binaries.
Installation
Please see docs/setup.md.
If you have Go 1.18 (or greater) installed:
go install github.com/gopasspw/gopass@latest
(and make sure your $GOBIN is in your $PATH.)
WARNING: Please prefer releases, unless you want to contribute to the development of gopass. The master branch might not be stable and can contain breaking changes without any notice.
Getting Started
Either initialize a new git repository or clone an existing one.
New password store
$ gopass setup
__ _ _ _ _ _ ___ ___
/'_ '\ /'_'\ ( '_'\ /'_' )/',__)/',__)
( (_) |( (_) )| (_) )( (_| |\__, \\__, \
'\__ |'\___/'| ,__/''\__,_)(____/(____/
( )_) | | |
\___/' (_)
🌟 Welcome to gopass!
🌟 Initializing a new password store ...
🌟 Configuring your password store ...
🎮 Please select a private key for encrypting secrets:
[0] gpg - 0xFEEDBEEF - John Doe <john.doe@example.org>
Please enter the number of a key (0-12, [q]uit) (q to abort) [0]: 0
❓ Do you want to add a git remote? [y/N/q]: y
Configuring the git remote ...
Please enter the git remote for your shared store []: git@gitlab.example.org:john/passwords.git
✅ Configured
Hint: gopass setup will use gpg encryption and git storage by default.
Existing password store
$ gopass clone git@gitlab.example.org:john/passwords.git
__ _ _ _ _ _ ___ ___
/'_ '\ /'_'\ ( '_'\ /'_' )/',__)/',__)
( (_) |( (_) )| (_) )( (_| |\__, \\__, \
'\__ |'\___/'| ,__/''\__,_)(____/(____/
( )_) | | |
\___/' (_)
🌟 Welcome to gopass!
🌟 Cloning an existing password store from "git@gitlab.example.org:john/passwords.git" ...
⚠ Cloning git repository "git@gitlab.example.org:john/passwords.git" to "/home/john/.local/share/gopass/stores/root" ...
⚠ Configuring git repository ...
🎩 Gathering information for the git repository ...
🚶 What is your name? [John Doe]:
📧 What is your email? [john.doe@example.org]:
Your password store is ready to use! Have a look around: `gopass list`
Upgrade
To use the self-updater run:
gopass update
or to upgrade with Go installed, run:
go install github.com/gopasspw/gopass@latest
Otherwise, use the setup docs mentioned in the installation section to reinstall the latest version.
Development
This project uses GitHub Flow. In other words, create feature branches from master, open an PR against master, and rebase onto master if necessary.
We aim for compatibility with the latest stable Go Release only.
While this project is maintained by volunteers in their free time we aim to triage issues weekly and release a new version at least every quarter.
Credit & License
gopass is licensed under the terms of the MIT license. You can find the complete text in LICENSE.
Please refer to the Git commit log for a complete list of contributors.
Community
gopass is developed in the open. Here are some of the channels we use to communicate and contribute:
- Issue tracker: Use the GitHub issue tracker to file bugs and feature requests.
Integrations
- gopassbridge: Browser plugin for Firefox, Chrome and other Chromium based browsers
- gopass-ui: Graphical user interface for gopass
- kubectl gopass: Kubernetes / kubectl plugin to support reading and writing secrets directly from/to gopass.
- gopass alfred: Alfred workflow to use gopass from the Alfred Mac launcher
- git-credential-gopass: Integrate gopass as an git-credential helper
- gopass-hibp: haveibeenpwned.com leak checker
- gopass-jsonapi: native messaging for browser plugins, e.g. gopassbridge
- gopass-summon-prover: gopass as a summon provider
terraform-provider-gopass: a Terraform provider to interact with gopass- chezmoi: dotfile manager with gopass support
- tessen: autotype and copy gopass data on wayland compositors on Linux
- raycast-gopass: a gopass extension for Raycast Mac launcher
- gnome-pass-search-provider: pass search provider for GNOME Shell, which also supports gopass
Mobile apps
- Pass - Password Store - iOS, source code, supports only 1 repository now
- Password Store - Android, source code
Related Projects
- pass - The inspiration for this project, by Jason A. Donenfeld.
gopassis a drop-in replacement forpassand can be used interchangeably (mostly!). - passage - passage is a fork of password-store that uses
age as a backend instead of GnuPG.
gopasshas some amount of support forpassagebut can not be used fully interchangeably as of today. This might change in the future.
Contributing
We welcome any contributions. Please see the CONTRIBUTING.md file for instructions on how to submit changes.
Further Documentation
External Documentation
Documentation
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
helpers
|
|
|
changelog
Changelog implements the changelog extractor that is called by the autorelease GitHub action and used to extract the changelog from the CHANGELOG.md file.
|
Changelog implements the changelog extractor that is called by the autorelease GitHub action and used to extract the changelog from the CHANGELOG.md file. |
|
man
Man implements a man(1) documentation generator that is run as part of the release helper to generate an up to date manpage for Gopass.
|
Man implements a man(1) documentation generator that is run as part of the release helper to generate an up to date manpage for Gopass. |
|
postrel
Postrel is a helper that's supposed to be run after a release has been completed.
|
Postrel is a helper that's supposed to be run after a release has been completed. |
|
release
Release is the first part of the gopass release automation.
|
Release is the first part of the gopass release automation. |
|
internal
|
|
|
action
Package action implements all the handlers that are available as subcommands for gopass.
|
Package action implements all the handlers that are available as subcommands for gopass. |
|
action/pwgen
Package pwgen implements the subcommands to operate the stand alone password generator.
|
Package pwgen implements the subcommands to operate the stand alone password generator. |
|
audit
Package audit contains the password-strength auditing implementation.
|
Package audit contains the password-strength auditing implementation. |
|
backend
Package backend implements a registry to register differnet plugable backends for encryption and storage (incl.
|
Package backend implements a registry to register differnet plugable backends for encryption and storage (incl. |
|
backend/crypto/gpg/cli
Package cli implements a GPG CLI crypto backend.
|
Package cli implements a GPG CLI crypto backend. |
|
backend/crypto/plain
Package plain implements a plaintext backend
|
Package plain implements a plaintext backend |
|
backend/storage/fs
Package fs implement a password-store compatible on disk storage layout with unencrypted paths.
|
Package fs implement a password-store compatible on disk storage layout with unencrypted paths. |
|
backend/storage/gitfs
Package gitfs implements a git cli based RCS backend.
|
Package gitfs implements a git cli based RCS backend. |
|
queue
Package queue implements an experimental background queue for cleanup jobs.
|
Package queue implements an experimental background queue for cleanup jobs. |
|
store/mockstore/inmem
Package inmem implements an in memory storage backend for tests.
|
Package inmem implements an in memory storage backend for tests. |
|
tree
Package tree implements a tree for displaying hierarchical password store entries.
|
Package tree implements a tree for displaying hierarchical password store entries. |
|
pkg
|
|
|
appdir
Package appdir implements a customized lookup pattern for application paths like config, cache and data dirs.
|
Package appdir implements a customized lookup pattern for application paths like config, cache and data dirs. |
|
debug
Package debug provides logging of debug information.
|
Package debug provides logging of debug information. |
|
gitconfig
Package gitconfig implements a pure Go parser of Git SCM config files.
|
Package gitconfig implements a pure Go parser of Git SCM config files. |
|
gopass
Package gopass contains the public gopass API.
|
Package gopass contains the public gopass API. |
|
pwgen
Package pwgen implements multiple popular password generate algorithms.
|
Package pwgen implements multiple popular password generate algorithms. |
|
pwgen/pwrules
Code generated by go generate gen.go.
|
Code generated by go generate gen.go. |
|
qrcon
Package qrcon implements a QR Code ANSI printer for displaying QR codes on the console.
|
Package qrcon implements a QR Code ANSI printer for displaying QR codes on the console. |
|
tempfile
Package tempfile is a wrapper around os.MkdirTemp, providing an OO pattern as well as secure placement on a temporary ramdisk.
|
Package tempfile is a wrapper around os.MkdirTemp, providing an OO pattern as well as secure placement on a temporary ramdisk. |
Click to show internal directories.
Click to hide internal directories.