pass-tomb - A pass(1) extension that helps to keep the whole tree of password encrypted inside a tomb(1).

Authors

pass tomb was written by Alexandre Pujol.

Command

       pass tomb [ --no-init, -n ] [ --timer=time, -t time ]
                 [ --path=subfolder, -p subfolder ] [ --force, -f ] gpg-id...

              Create and initialise a new password tomb. This command must be run first, before a password store
              can be used.

              Use gpg-id for encryption of both passwords and tomb. Multiple gpg-ids may be specified, in  order
              to encrypt the tomb and each password with multiple ids.

              If  --path  or -p is specified, along with an argument, a specific password tomb using gpg-id or a
              set of gpg-ids is assigned for that specific subfolder of the password store.

              If --no-init, -n is specified, do not initialise the password store. By default, pass-tomb
              initialises the password store with the same key(s) it used to generate the tomb. The purpose
              of this option is to leave the user free to initialise the password store with a different key
              or set of keys.

              If  --timer,  -t  is  specified,  along with an argument, the password store will be automatically
              closed using a systemd timer after a given time. This time  will  be  saved  in  the  .timer  file
              present in the store.

              If --force is specified, pass-tomb will create or mount the password store even if a
              plain text swap is present. Make sure you know what you are doing if you force an operation.

       pass open [ --timer=time, -t time ] [ --force, -f ] [subfolder]
              Open a password tomb. If a .timer  file  is  present  in  the  store,  a  systemd  timer  will  be
              initialized.

              If --timer, -t is specified, along with an argument, the password store will be automatically
              closed using a systemd timer after a given time. If a '.timer' file was already present in the
              store, this time will be updated. Multiple timers can be used at the same time.

              If --force is specified, pass-tomb will create or mount the password store even if a
              plain text swap is present. Make sure you know what you are doing if you force an operation.

              If subfolder is specified, the password store will be opened in the subfolder.

       pass close [store]
              Close a password tomb.

              If store is specified, pass close will try to close this store.

       pass timer [store]
              Show timer status.

              If store is specified, pass timer will show the status for this store.
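
Before using --force, it helps to know which active swap areas are actually unencrypted. The script below is an added example, not part of pass-tomb or tomb and not a reproduction of tomb's own swap check; the function names and the optional file and sysfs arguments are hypothetical, and the sample data in demo is constructed.

```shell
#!/bin/sh
# Added example: list active swap areas that are not directly on dm-crypt.
# The file and sysfs arguments are hypothetical overrides for testing;
# the defaults are the real Linux paths.

# Print swap device names from a /proc/swaps-format file (line 1 is a header).
list_swaps() {
    awk 'NR > 1 && NF >= 5 { print $1 }' "${1:-/proc/swaps}"
}

# Succeed if the device is a dm-crypt mapping: sysfs exposes a dm UUID
# starting with "CRYPT-". Swap files, zram and LVM-on-LUKS volumes are not
# matched, so the check errs on the side of reporting them.
is_dmcrypt() {
    node=$1
    [ -L "$node" ] && node=$(readlink -f "$node")   # /dev/mapper/x -> /dev/dm-N
    uuid_file="${2:-/sys/block}/$(basename "$node")/dm/uuid"
    [ -r "$uuid_file" ] || return 1
    case $(cat "$uuid_file") in
        CRYPT-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each swap area not on dm-crypt; return 1 if any was found.
plaintext_swaps() {
    found=0
    for dev in $(list_swaps "${1:-/proc/swaps}"); do
        if ! is_dmcrypt "$dev" "${2:-/sys/block}"; then
            echo "$dev"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: dm-1 is a dm-crypt swap, sda3 is a plain partition.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sys/dm-1/dm"
    echo "CRYPT-PLAIN-cryptswap" > "$t/sys/dm-1/dm/uuid"
    printf '%s\n' "Filename Type Size Used Priority" \
        "/dev/dm-1 partition 2097148 0 -2" \
        "/dev/sda3 partition 1048572 0 -3" > "$t/swaps"
    rc=0
    plaintext_swaps "$t/swaps" "$t/sys" || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

Calling plaintext_swaps with no arguments inspects the running system; an empty result with exit status 0 means no swap is active or every swap area sits directly on dm-crypt.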

Copying

       This program is free software: you can redistribute it and/or modify  it  under  the  terms  of  the  GNU
       General  Public License as published by the Free Software Foundation, either version 3 of the License, or
       (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY  WARRANTY;  without  even
       the  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
       License for more details.

       You should have received a copy of the GNU General Public License along with this program.  If  not,  see
       <http://www.gnu.org/licenses/>.

pass-tomb                                           May 2021                                        pass-tomb(1)

Description

       Due to the structure of pass(1), file- and directory names are not encrypted in the password store.
       pass tomb provides a convenient solution to put your password store in a tomb(1) and then keep your
       password tree encrypted when you are not using it.

       It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage an
       additional key or secret. Moreover, you can ask pass-tomb to automatically close your store after a
       given time.

       The new workflow is the following:

              1. Create a password tomb with pass tomb. It creates a new tomb and opens it in ~/.password-store.
              Then it initialises the password repository with the same GPG key.

              2. Use tomb as usual.

              3. When finished, close the password tomb: pass close.

              4. To use pass again, you need to open the password tomb: pass open.

Environment Variables

       PASSWORD_STORE_TOMB
              Path to tomb executable

       PASSWORD_STORE_TOMB_FILE
              Path to the password tomb, by default ~/.password.tomb

       PASSWORD_STORE_TOMB_KEY
              Path to the password tomb key file, by default ~/.password.key.tomb

       PASSWORD_STORE_TOMB_SIZE
              Password tomb size in MB, by default 10

Examples

       Create a new password tomb
              zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com
               (*) Your password tomb has been created and opened in ~/.password-store.
               (*) Password store initialised for Jason@zx2c4.com.
                .  Your tomb is: ~/.password.tomb
                .  Your tomb key is: ~/.password.key.tomb
                .  You can now use pass as usual.
                .  When finished, close the password tomb using 'pass close'.

       Open a password tomb
              zx2c4@laptop ~ $ pass open
               (*) Your password tomb has been opened in ~/.password-store.
                .  You can now use pass as usual.
                .  When finished, close the password tomb using 'pass close'.

       Close a password tomb
              zx2c4@laptop ~ $ pass close
               (*) Your password tomb has been closed.
                .  Your passwords remain present in ~/.password.tomb.

       Create a new password tomb and set a timer
              zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com --timer=1h
               (*) Your password tomb has been created and opened in ~/.password-store.
               (*) Password store initialised for Jason@zx2c4.com.
                .  Your tomb is: ~/.password.tomb
                .  Your tomb key is: ~/.password.key.tomb
                .  You can now use pass as usual.
                .  This password store will be closed in 1h
              zx2c4@laptop ~ $ pass open
               (*) Your password tomb has been opened in ~/.password-store.
                .  You can now use pass as usual.
                .  This password store will be closed in 1h

       Open a password tomb and set a timer
              zx2c4@laptop ~ $ pass open --timer=10min
               (*) Your password tomb has been opened in ~/.password-store.
                .  You can now use pass as usual.
                .  This password store will be closed in 10min

Name

       pass-tomb - A pass(1) extension that helps to keep the whole tree of password encrypted inside a tomb(1).

Options

       -n, --no-init
              Do not initialise the password store

       -t, --timer
              Close the store after a given time

       -p, --path
              Create the store for that specific subfolder

       -f, --force
              Force the tomb operations (i.e. even if swap is active)

       -q, --quiet
              Be quiet

       -v, --verbose
              Be verbose

       -d, --debug
              Print tomb debug messages

       --unsafe
              Speed up tomb creation (for testing purposes only)

       -V, --version
              Show version information

       -h, --help
              Show usage message

See Also

       pass(1), tomb(1), pass-import(1), pass-update(1), pass-audit(1), pass-otp(1)

Synopsis

       pass tomb [args] gpgid...
       pass open  [args]
       pass close [args]
