Question about the 'pass' password manager (lemmy.ml)

submitted 5 days ago* (last edited 5 days ago) by grumt@lemmy.ml to c/privacy@lemmy.ml

23 comments fedilink hide all child comments

So, I've been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.

However, I've seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don't get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).

So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?

Update: there is a pass extension made specifically to address this issue

you are viewing a single comment's thread
view the rest of the comments

[-] harsh3466@lemmy.ml 10 points 5 days ago

With pass, everything in the store is gpg encrypted. Unless they have your master password, getting the password_store itself will give them nothing but encrypted data blobs.

Imo pass is great for CLI password management

[-] grumt@lemmy.ml 2 points 5 days ago

So even the sub-directories of the password store are encrypted? For example, even if I put my password int the name of a subdirectory, they wouldn't be able to see it?

[-] ebc@lemmy.ca 4 points 5 days ago

No, only the file contents are encrypted. The file names and folder structure is visible to anyone who has access to the files.

The files themselves can contain a ton of stuff if you want, but the convention is to put the password on the first line and that's what "pass -c my/file" will copy.

[-] grumt@lemmy.ml 2 points 5 days ago

Hmm I get it. As I said, I think there is good use cases for it, specially because of the simplicity, but I personally prefer to have the entire database encrypted, kinda like keepassxc does

[-] ebc@lemmy.ca 3 points 5 days ago

pass probably isn't for you then, unless you find a wrapper or something that lets you put all in one file. I've switched to keepassxc as well, I could never get the browser integration to work with pass.

this post was submitted on 01 Mar 2025

20 points (100.0% liked)

Privacy

34611 readers

404 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS