To help with that, password-store is also an Emacs package that serves as a front end to the Password Store program. Similar to its back end, password-store is simple and light. More importantly, you can easily extend its features by using a number of plugins done by its community.
How Does Password Store Work?
Password Store is an extremely simple password manager that creates and modifies passwords in pure plain text. It only maintains a text file for every account and password that you provide to it. While this might seem insecure and archaic, Password Store makes it work by encrypting all of the files that it maintains. This allows you to have the flexibility of plain text while also having the security and encryption of GPG. Since the program only deals with simple files, it is possible for you to categorize and sort those files under different folders. Password store also allows you to append additional information for your password files. This is because it only requires you to reserve the first line of the file for your password. For example, this is a password file for one of my forum accounts: Password Store does not read any information after the first line. As such, I am able to easily add any additional information about my forum account. With that, the program not only allows you to create a custom password directory but also custom formats for your passwords.
Installing Password Store
Due to its simplicity, Password Store is easy to install. Further, it is also available to almost all Linux distributions. For example, you can install it in Debian and Ubuntu using apt: In Fedora, you can use dnf: For Arch Linux, you can use pacman:
Creating Your Password Store
With that done, creating a password store requires you to do two things:
First, you need to have a GPG key. This will be the key that will be associated to your Password Store. You can either create a new one specific for this store or use an old one that you already have.Secondly, you need to initialize the Password Store itself. This could either be a simple password store maintained through GPG or a version controlled one under GPG and Git. Either way, creating these two versions will only require you to run a single command.
Creating a GPG Key for Your Store
Password Store relies on GPG for all of its encryption. As such, it is necessary for you to create your own GPG key to ensure that password store is both secure and only encrypted to you.
Setting Your GPG Key Length and Expiry
Starting Your Store
With that done, the next thing that you have to do is to start your Password Store. You can do this in two ways:
You can start a simple Password Store with the default GPG encryption. This is useful if you only want a simple way of storing and accessing your passwords.
Run the following command in the terminal: This will create a password store in your home directory under the name “.password-store”.
You can also start a git-controlled Password Store. This will allow you to finely control your store’s history. As such, you will be able to easily jump back on the changes that you have made. This is highly useful if you constantly change the passwords for your accounts.
If you want to run a git-controlled store, you have to run the following command: Doing so will start the git repository for your store. From here, you can access all of git’s commands for your store by prepending “pass” to git. You can view all of the git remotes for your store by running the following command:
Integrating Emacs with Password Store
If you are an Emacs user, you can integrate Password Store to your Emacs client. Start by downloading the “password-store” package from the MELPA repository. By default, this repository does not come with the standard Emacs installation. As such, you need to explicitly add it first to your Emacs’ configuration.
Adding a New Password to Your Store
Editing Your Store Entry
One of the key strengths of Password Store is that you can customize your password files. This, in turn, allows you to provide an arbitrary format that can contain just about anything.
Removing a Password in Your Store
Similarly, deleting a password in your store is also a simple process. You can remove a password by pressing Alt + X and typing password-store-remove. Doing this will bring up a prompt asking you for the password that you want to remove. In my case, I wanted to remove an old password for a site that I do not visit anymore. So I typed “my-old-password” and pressed Enter.
Copying a Password from a Store
Lastly, the package also allows you to copy your passwords directly from Emacs. This is highly useful if you want to quickly access your store whenever you are logging in to a service or an account. That’s it! You now have a basic idea of how to use Emacs as your password manager. Further, you also now know how to use a simple, file-driven password manager with Password Store.
1. Is it possible for Password Store to create passwords similar to KeepassXC?
Yes! The package can generate passwords for new accounts out of the box. You can access this function by pressing Alt + X and typing password-store-generate. This will tell the package to prompt for a new account. From there, it will then generate a sufficiently random password for that account. You can, then, copy that password by using the password-store-copy function as described above.
2. Is it possible to integrate one-time password (OTP) support for my store?
Yes! Password store has an excellent plugin that can manage OTP from within the command line. To use it, however, you will need to install an additional package to generate OTPs. For example, in Debian and Ubuntu you can run the following command to install it: In Fedora, you can use dnf: In Arch Linux, you can use pacman: Once done, you can then run this command to insert an OTP link to a store account: From there, all you need to do is to run pass otp “account-name” to generate an OTP code for that account.
3. Is it possible for me to display the passwords as a tree in Emacs?
Sadly no. However, you can display all of your passwords through tab-completion if you are using a minibuffer completion package. The most common packages that provide this functionality are helm and mct. Both of them are available in the GNU ELPA repository and, as such, can easily be installed through the package-install function. Image credit: Unsplash