Password Manager “pass” — Importing and Exporting
I have been using
pass ever since the day I switched to Linux, because it is simple, lightweight, and scriptable. Recently, I have needed to move this password manager over to another PC and forgot how to do it. So this will be my documentation on importing and exporting
pass . If you don’t know what pass is, I recommend checking out my article on how to set it up. Call me old school, but when it comes to handling passwords; I prefer having an offline password manager rather than it being stored in the cloud where I cannot see the code that is handling that kind of data.
Before importing your gpg key, we need to know which key is being used on your password manager. Exporting our gpg keys require 2 commands:
gpg --output MY_FILENAME_public.gpg --armor --export GPG_PUB_KEY
gpg --output MY_FILENAME_secret.gpg --armor --export-secret-key GPG_PUB_KEY
This will create 2 gpg key files in our current directory. To transfer these keys to a new machine, you can use a USB stick or my personal preferred way is good old
scp . If you’re on windows, use WSL to access this command.
If you want to try to use
scp , both PCs will need to be on the same wifi network. Make sure
sshd service is enabled on your destination PC, and then check your destination’s PC’s IP address with
ifconfig , etc.. the command name will depend on which OS or distro you are on. Once you have your IP, all you need to do is to use this command to send your gpg keys:
scp mykey_public.gpg mykey_secret.gpg username@IP_ADDRESS:~/
This will send your keys to the home directory of your destination PC. Importing it requires 2 commands on your new machine:
gpg --import MY_FILENAME_pub.gpg
gpg --allow-secret-key-import --import MY_FILENAME_sec.gpg
The 2nd command will require the secret key to be in the same directory, so make sure both keys are in the same folder in the above commands you run it with. Note that only importing the public key will allow access to only read the pass folders. Importing the secret key will allow full access, which includes editing with that key.
pass is just a folder system in your home directory with the name
.password-store/ . So the most convenient way to manage this is with the built-in git integration with
pass , which automatically pushes to the repo if any changes were made. You can also manually manage git if you wanted to as well. So exporting your passwords is just uploading
.password-store/ and downloading them on your destination PC. If you prefer to be completely manual, you can also use the above
scp method to transfer the entire
.password-store/ folder to your destination PC. You could also just keep it on a flash drive as well.
While pass may not have some fancy features that other password manager apps have, pass is probably one of the most secure password managers out there. The entire point of using a password manager is for security, so I would rather use an open source tool that is publicly available to be audited by anyone, compared to a proprietary tool where we don’t even know what actually happens when we press “Add Password”.