gopass
Command-line password manager for teams with GPG encryption, git versioning, and multi-platform support
gopass is a command-line password manager that serves as a drop-in replacement for the standard UNIX pass utility. It encrypts credentials using GPG by default and stores them in git repositories for version control, though it supports alternative backends like age for encryption and fossil for storage. The tool is designed for both individual use and distributed teams, allowing password stores to be shared via git remotes while maintaining strong encryption.
The primary interface is command-line based with commands like gopass create, gopass show -c <key> for clipboard copying, and gopass sync for remote synchronization. It includes a REPL mode for interactive use and can integrate with browsers to reduce command-line dependency. gopass supports multiple stores through a mount system and provides features like recipient management for team-based access control.
gopass runs on Linux, macOS, BSD, and Windows without requiring network connectivity, making it suitable for air-gapped environments. It can operate independently but typically works alongside gpg and git, with an external editor required for the gopass edit command. The tool is particularly useful for development teams, system administrators, and anyone managing credentials across multiple devices or environments.
Installation
# via Homebrew
brew install gopass
# via Go
go install github.com/gopasspw/gopass@latest
# via Debian
curl https://packages.gopass.pw/repos/gopass/gopass-archive-keyring.gpg | sudo tee /usr/share/keyrings/gopass-archive-keyring.gpg >/dev/null && cat << EOF | sudo tee /etc/apt/sources.list.d/gopass.sources
Types: deb
URIs: https://packages.gopass.pw/repos/gopass
Suites: stable
Architectures: all amd64 arm64 armhf
Components: main
Signed-By: /usr/share/keyrings/gopass-archive-keyring.gpg
EOF && sudo apt update && sudo apt install gopass gopass-archive-keyring
