Pass is the standard Unix password manager. Each password is a GPG-encrypted file. Git handles sync. No cloud, no vendor, no proprietary format — just files you control.

These instructions are specific to Mac with Homebrew but work on any Unix system.

Pre-work

Before installing Pass, you need three things in place:

1. GPG configured — ideally with a hardware Yubikey
2. SSH configured — ideally using GPG as the SSH agent (see resources below)
3. A remote git server — soft-serve on a Docker host works well

Install & Configure

Install Pass and extensions

brew update
brew upgrade
brew install pass
brew install pass-otp
brew install pass-git-helper

pass-otp adds TOTP support so your 2FA codes live alongside your passwords. pass-git-helper lets Pass credentials feed directly into Git operations.

Initialise the store

Replace the email with your actual GPG key ID or associated email:

pass init invalidemail@example.com

Set up git sync

pass git init
pass git remote add origin ssh://remote-server:23231/pass
pass git push -u --all

Usage

Reference

pass generate Test/sample@gmail.com 21
pass Test/sample@gmail.com
pass edit Test/sample@gmail.com

pass generate creates a new 21-character password under Test/sample@gmail.com and commits it. pass decrypts and prints a password (requires GPG key access). pass edit opens the decrypted entry in your $EDITOR.

Connect to your remote server

ssh user@remote-server -p 23231

Browser Integration

Install the host app for Firefox:

curl -sSL github.com/passff/passff-host/releases/latest/download/install_host_app.sh | bash -s -- firefox

Then install the PassFF Firefox extension.

Resources

• GPG subkeys for SSH auth
• GPG + Yubikey setup
• YubiKey with OpenPGP
• GPG as SSH agent