Pass: Unix Password Manager

Pass vs deterministic password generators

  • Debate over deriving passwords from a master secret + domain vs storing per-site passwords.
  • Objections to derivation: weird site rules, per-site rotation after breaches, domain changes, and catastrophic failure if the master secret leaks (past and future passwords exposed).
  • Deterministic schemes praised for elegance and low “vault anxiety”, but considered impractical for sharing and for sites with password constraints.

Use cases and strengths of pass

  • Many users store not just passwords but documents, recovery codes, bank details, and config/API secrets.
  • Git backend provides sync, history, and easy backup; passwords are isolated per file, so only the needed secret is decrypted.
  • Plays well with scripting: can feed secrets into CLI tools, TUI frontends, or custom scripts (e.g., OTP generation, disaster-recovery bundles).

GPG, age, and cryptographic concerns

  • GPG is seen as powerful but complex and finicky (agents, defaults, Yubikey quirks, packaging).
  • Some argue GPG is outdated and hard to reason about; others defend it as well-audited and flexible, especially with signatures and hardware-backed keys.
  • age-based replacements (e.g., passage, other pass-like tools) are promoted as simpler, but they lose some hardware-token workflows.

Mobile and cross-platform integration

  • Major pain point: lack of polished, “just download and go” official mobile clients.
  • Android: termux + pass, older/archived apps, community forks on F-Droid; GPG dependencies and Yubikey support can be rough.
  • iOS: third-party app integrates with system autofill and pass-otp, but no good Yubikey story on iPad/iPhone.
  • Some users SSH into a Unix box instead of native apps.

Hardware keys and threat model

  • Strong enthusiasm for Yubikey + OpenPGP: key never leaves hardware, each decryption can require a touch, and adding passwords needs only the public key.
  • Compared to GUI managers, pass + hardware token is seen as harder to “mass-exfiltrate” if the machine is compromised, though others note any unlocked manager is vulnerable.

Team and corporate usage

  • Mixed experience using pass for organizations: fine-grained access via per-directory keys is possible, but no audit trail of who actually opened which secret and no clean way to erase pushed data.
  • Dedicated team tools (1Password, Bitwarden/Vaultwarden, Passbolt, KeePassXC-based setups) are often preferred for sharing, audit, and CI/automation use cases.

Critiques and limitations

  • Unstructured data format complicates generic tooling and scripting; conventions (first line password, “user:” lines, per-field files) partially mitigate this.
  • Reviewing history via git is nontrivial; metadata (file names/tree) leaks even when contents are encrypted.
  • Browser integration can be clunky or brittle, especially with sandboxed/Flatpak browsers.
  • Several long-time users have migrated to KeePassXC or Bitwarden for better mobile UX, sharing, and fewer GPG headaches, while others remain very satisfied with pass’s simplicity and Unix philosophy.
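The field conventions mentioned above (first line is the password, later lines are `key: value`, pass-otp's `otpauth://` line) are what scripts have to parse. As an added example, not code from the discussion or from pass itself, the POSIX shell function below extracts one field from an entry read on stdin; in practice the input would come from `pass show NAME`, but here a constructed entry with placeholder values is used so it runs without pass or GPG. The `user`/`username`/`login` aliases and the `otp` pseudo-field are assumptions chosen to match common usage, not part of any pass specification.

```shell
#!/bin/sh
# Constructed sample entry in the common pass layout (no real secrets).
SAMPLE_ENTRY='correct-horse-battery-staple
user: alice@example.com
url: https://example.com/login
otpauth://totp/example.com:alice?secret=BASE32PLACEHOLDER&issuer=example.com
note: rotated after breach'

# pass_field FIELD  - read a pass entry on stdin, print one field.
#   password -> first line
#   otp      -> the otpauth:// line used by pass-otp
#   other    -> value after "FIELD:" (key match is case-insensitive;
#               "user" also accepts "username"/"login" as assumed aliases)
# Only the first ':' splits key from value, so URLs in values survive.
# Exit status is 1 when the field is absent, so callers can test for it.
pass_field() {
    field=$1
    if [ "$field" = "password" ]; then
        head -n 1
        return
    fi
    tail -n +2 | awk -v key="$field" '
        BEGIN { key = tolower(key); found = 0 }
        /^otpauth:\/\// {
            if (key == "otp") { print; found = 1; exit }
            next
        }
        {
            idx = index($0, ":")
            if (idx == 0) next
            k = tolower(substr($0, 1, idx - 1))
            if (k != key && !(key == "user" && (k == "username" || k == "login"))) next
            v = substr($0, idx + 1)
            sub(/^[ \t]+/, "", v)
            print v
            found = 1
            exit
        }
        END { if (!found) exit 1 }'
}

# Wrapper that runs pass_field against the constructed entry.
sample_field() { printf '%s\n' "$SAMPLE_ENTRY" | pass_field "$1"; }
```

With a real store the same function is used as `pass show example.com | pass_field user`, which keeps only one decrypted entry in the pipeline at a time.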