pass (the password store).

The standard Unix password manager. Every secret is a small file encrypted to your OpenPGP key, laid out as a folder tree on disk. No database, no proprietary format — just PGP files.

// definition

pass (also called password-store) stores each password as a .gpg file encrypted to your PGP key, organized in directories. The store is the filesystem: email/work.gpg, banking/checking.gpg, and so on. Decrypting a file reveals its contents; the first line is conventionally the password.

What it is.

pass takes a deliberately minimal approach: there is no special database and no vendor format. A password entry is a text file, encrypted to your OpenPGP key with the same crypto you already use for messages. Folders give you structure; an optional Git repository gives you history and sync. Because the format is just PGP files, any OpenPGP tool can read a pass store — it is not locked to one app.

That openness is the appeal. Your secrets are protected by the key you control, in a format you can inspect, on storage you choose.

Why it matters.

For people who already live in OpenPGP, pass is the natural password manager: it reuses the key and the trust model they already have, with no new account and no new company to trust. The catch has always been mobile — reading a pass store on a phone meant awkward workarounds.

A PGP app that can open a pass store closes that gap: your desktop pass entries become readable on the phone, decrypted with the same key (or the same hardware token), without copying secrets into a different manager.

// in PGPony PGPony includes a read-only pass viewer: point it at your store, browse the folder tree, and decrypt entries on-device behind a biometric gate (hardware-key-backed where the entry is encrypted to a card). It reads pass; it is not a password manager, so editing stays in your dedicated tooling. See the guide: Open a pass store.

Related terms

Get PGPony

Free OpenPGP encryption for iOS and Android. No accounts, no tracking.