This guide walks you through setting up a command-line system for storing encrypted passwords (and metadata) inside an encrypted filesystem on both Mac and Ubuntu. The encrypted filesystem can be stored in source control. EncFS provides the encrypted filesystem and pass is the password manager.
pass stores information in GPG encrypted files in your ~/.password-store directory. We will encrypt that directory with EncFS. It'll look something like this:
cd ~/.password-store
find . -type f
email@example.com
banks/bank-of-america
banks/shinsei-bank
GPG stores data in
This part is optional, but I prefer it because pass leaks information through its directory structure and filenames -- the passwords and metadata are secure, however.
# For Mac
brew install Caskroom/cask/osxfuse
brew install homebrew/fuse/encfs
# For Ubuntu
sudo apt-get install encfs
Now create an encrypted filesystem to store your pass files. The unencrypted mount will be at
.password-store.encrypted directory is the encrypted version. You can store that in source control or back it up however you like.
encfs ~/path-to-where-you-want-this/.password-store.encrypted ~/.password-store
# Mac
brew install pass
# Ubuntu
sudo apt-get install pass
# Here, firstname.lastname@example.org is the ID of your GPG key
pass init "email@example.com"
Insert a password
pass insert firstname.lastname@example.org
Or create an auto-generated password
# 20 is the password length
pass generate email@example.com 20
Copy a password to the clipboard
pass -c firstname.lastname@example.org
Print a password to the screen
That's it, all done.
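pass writes into ~/.password-store whether or not EncFS is mounted there, so entries added while the mount is down never reach the encrypted directory. The guard below is an added example, not part of the original guide: it runs pass only when the store directory is listed as an EncFS mount. The names is_encfs_mount and safe_pass are hypothetical, and the sample lines and the `mount` output formats they imitate are assumptions.

```shell
#!/bin/sh
# Added example: only run pass when its store directory is an EncFS mount.
# Sample `mount` lines below are constructed; their format is an assumption.
LINUX_SAMPLE='encfs on /home/alice/.password-store type fuse.encfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)'
MAC_SAMPLE='encfs@osxfuse0 on /Users/alice/.password-store (osxfuse, nodev, nosuid, synchronized, mounted by alice)'

# is_encfs_mount MOUNTPOINT
# Reads `mount`-style lines on stdin; succeeds only if MOUNTPOINT is listed
# as an encfs filesystem. The path is matched literally (no symlink
# resolution, no trailing slash).
is_encfs_mount() {
    mp=$1
    while IFS= read -r line; do
        case $line in
            encfs*" on $mp type fuse.encfs "*) return 0 ;;  # Linux format
            encfs*" on $mp ("*fuse*)           return 0 ;;  # macOS/osxfuse format
        esac
    done
    return 1
}

# safe_pass ARGS...
# Hypothetical wrapper: forwards to pass only when the store is mounted.
safe_pass() {
    store=${PASSWORD_STORE_DIR:-$HOME/.password-store}
    if mount | is_encfs_mount "$store"; then
        pass "$@"
    else
        echo "refusing to run pass: $store is not an EncFS mount" >&2
        return 1
    fi
}
```

Source the file from your shell startup script and call safe_pass wherever you would call pass.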