Usage¶

CLI¶

Setting up the password store¶

To initialise a new password store use:

$ passpy init "passpy gpg id"
Password store initialised for passpy gpg id.

where passpy gpg id is the ID of the GPG key to encrypt the password files with. You can use different IDs for different folders inside the store by adding the -path or -p option. It is also possible to use multiple IDs instead of just one.

If you want to use git to revision your passwords you can initialise it with:

$ passpy git init

By calling passpy git [...] you can directly interact with git acting on the password store to e.g. add remotes to push/pull to/from them.

Using the password store¶

You can use the --help option on any command to get all the available options.

To list all existing passwords in the password store use:

$ passpy ls
Password Store
|-- Email
|   |-- google.com
|   `-- yahoo.com
|-- Programming
|   |-- github.com
|   `-- Python
|       |-- python.org
|       `-- readthedocs.org
`-- Notes
    `-- Wi-Fi
        |-- home
        `-- work

We can show a password:

$ passpy show Email/google.com
z.Rw6$`U=2MZs(i9\>-r

or copy it to the clipboard:

$ passpy show -c Email/google.com
Copied Email/google.com to the clipboard.

When accessing a password you will be prompted to enter your password for the encryption key. If you have a running gpg-agent you can configure it, so that you stay authenticated for several minutes. This helps especially when accessing multiple passwords in short order, e.g. when moving passwords and reencrypting them.

To add an existing password to the store use:

$ passpy insert Webshop/amazon.com
Enter password for Webshop/amazon.com:
Repeat for confirmation:

Using the --echo or -e option you won’t be prompted to repeat the password. With --multiline or -m you can enter multiple lines, or you can use $ passpy edit pass-name to edit password files with your default text editor.

To let passpy generate a password for you, use:

$ passpy generate Social/facebook.com 16
The generated password for Social/facebook.com is:
&,"S_Bq}qWKW&<^f

If you don’t want any symbols in your password use the --no-symbols or -n option. Like show you can copy the generated password to the clipboard with --clip or -c and --in-place or -i will overwrite the first line of an existing password file with the new password.

To copy or move a password file or folder in the password store use:

$ passpy cp/mv Webshop Webshops
/home/user/.password-store/Webshop/amazon.com.gpg -> /home/user/.password-store/Webshops/amazon.com.gpg

To avoid being prompted for every file that already exists at the destination, use the --force or -f option. When using a trailing / in the destination name, the destination will always be treated as a directory.

Finally, you can delete a password file

$ passpy rm Social/facebook.com
Really delete Social/facebook.com? [y/N] y
removed Social/facebook.com

Passing the --force or -f option will delete the file without asking and --recursive or -r will delete whole directories, if one is given.

Library¶

To use passpy in your Python project, we will first have to create a new passpy.store.Store object

>>> import passpy
>>> store = passpy.Store()

If git or gpg2 are not in your PATH you will have to specify them via git_bin and gpg_bin when creating the store object. You can also create the store on a different folder, be passing store_dir along.

To initialise the password store at store_dir, if it isn’t already, use

>>> store.init_store('store gpg id')

where store gpg id is the name of a GPG ID. Optionally, git can be initialised in very much the same way

>>> store.init_git()

You are now ready to interact with the password store. You can set and get keys using passpy.store.Store.set_key() and passpy.store.Store.get_key(). passpy.store.Store.gen_key() generates a new password for a new or existing key. To delete a key or directory, use passpy.store.Store.remove_path().

For a full overview over all available methods see store module.

Data Organisation¶

You are free to organise your files in the store however you like. But, as the --clip or -c option only copies the first line of a password file to the clipboard and the --in-place or -i option overwrites the first line with a new password, it is recommended that you have your password on the first line for each password file. That way it is easy to fetch a password for a login form or update an existing password file.

Some users might want to store additional information for a store entry, like a websites URL, the username and so on. There are many methods to do this, some of which are listed under Data Organization on the website for ZX2C4’s pass. The authors preferred way to do this (both for pass and passpy) is to have additional lines under the first one with a leading keyword. An entry might look like this:

z.Rw6$`U=2MZs(i9\>-r
URL: accounts.google.com/*
Username: somegoogleuser@gmail.com

Chrome Sync Password: EK6zzRo4chejRBztuVUF3CvqvRg9E4

Of course, as said in the beginning of the section, how you organise your data is completely up to you and this is just one way of doing things.