Pass as Secrets Manager

I recently started using pass in a case other than password management: as a secret manager and environment variables store. I don’t use as production-ready secrets store, only for development purposes, e.g. when I need to have a number of API keys at hand, but I don’t want (or should not) commit them into the code repository.

To start using pass, I had to generate a key pair using gpg:

gpg --full-gen-key

Then, I initialized a new password store using the keys I generated:

pass init <key-id>

Now I can add new entries into the store:

pass insert entry-name

By default, pass accepts only a single line for password, so for longer entries spanning multiple lines, pass insert -m entry-name can be used.

It is also possible to plug-in git for version control of the password store. It can be useful to retrieve previous versions of entries. The repository can be initialized using:

pass git init