Provided by: pass-extension-tomb_1.1-4_all 
NAME
pass-tomb - A pass(1) extension that helps to keep the whole tree of password encrypted
inside a tomb(1).
SYNOPSIS
pass tomb [args] gpgid...
pass open [args]
pass close [args]
DESCRIPTION
Due to the structure of pass(1), file- and directory names are not encrypted in the
password store. pass tomb provides a convenient solution to put your password store in a
tomb(1) and then keep your password tree encrypted when you are not using it.
It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage
more key or secret. Moreover, you can ask pass-tomb to automatically close your store
after a given time.
The new workflow is the following:
1. Create a password tomb with pass tomb. It creates a new tomb and opens it in
~/.password-store. Then it initialises the password repository with the same GPG
key.
2. Use tomb as usual.
3. When finished close the password tomb: pass close.
4. To use pass again, you need to open the password tomb: pass open.
COMMAND
pass tomb [ --no-init, -n ] [--timer=time, -t time]
[ --path=subfolder, -p subfolder ] [--force, -f] gpg-id...
Create and initialise a new password tomb. This command must be run first, before a
password store can be used.
Use gpg-id for encryption of both passwords and tomb. Multiple gpg-ids may be
specified, in order to encrypt the tomb and each password with multiple ids.
If --path or -p is specified, along with an argument, a specific password tomb
using gpg-id or a set of gpg-ids is assigned for that specific subfolder of the
password store.
If --no-init, -n is specified, do not initialise the password store. By default,
pass-tomb initialises the password store with the same key(s) it generated the
tomb. The purpose of this option is to let the user free to initialise the password
store with a different key or set of keys.
If --timer, -t is specified, along with an argument, the password store will be
automatically closed using a systemd timer after a given time. This time will be
saved in the .timer file present in the store.
If --force is specified, the password store will create or mount the password store
even if a plain text swap is present. Make sure you know what you are doing if you
force an operation.
pass open [--timer=time, -t time] [--force, -f] [subfolder]
Open a password tomb. If a .timer file is present in the store, a systemd timer
will be initialized.
If --timer, -t is specified, along with an argument, the password store will be
automatically closed using a systemd timer after a given time. If a .time file was
already present in the store, this time will be updated.
If --force is specified, the password store will create or mount the password store
even if a plain text swap is present. Make sure you know what you are doing if you
force an operation.
If subfolder is specified, the password store will be opened in the subfolder.
pass close [store]
Close a password tomb.
If store is specified, pass close will try to close this store.
OPTIONS
-n, --no-init
Do not initialise the password store
-t, --timer
Close the store after a given time
-p, --path
Create the store for that specific subfolder
-f, --force
Force the tomb operations (i.e. even if swap is active)
-q, --quiet
Be quiet
-v, --verbose
Be verbose
-d, --debug
Print tomb debug messages
--unsafe
Speed up tomb creation (for testing purposes only)
-V, --version
Show version information
-h, --help
Show usage message
EXAMPLES
Create a new password tomb
zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com
(*) Your password tomb has been created and opened in ~/.password-store.
(*) Password store initialised for Jason@zx2c4.com.
. Your tomb is: ~/.password.tomb
. Your tomb key is: ~/.password.key.tomb
. You can now use pass as usual.
. When finished, close the password tomb using 'pass close'.
Open a password tomb
zx2c4@laptop ~ $ pass open
(*) Your password tomb has been opened in ~/.password-store.
. You can now use pass as usual.
. When finished, close the password tomb using 'pass close'.
Close a password tomb
zx2c4@laptop ~ $ pass close
(*) Your password tomb has been closed.
. Your passwords remain present in ~/.password.tomb.
Create a new password tomb and set a timer
zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com --timer=1h
(*) Your password tomb has been created and opened in ~/.password-store.
(*) Password store initialised for Jason@zx2c4.com.
. Your tomb is: ~/.password.tomb
. Your tomb key is: ~/.password.key.tomb
. You can now use pass as usual.
. This password store will be closed in 1h
zx2c4@laptop ~ $ pass open
(*) Your password tomb has been opened in ~/.password-store.
. You can now use pass as usual.
. This password store will be closed in 1h
Open a password tomb and set a timer
zx2c4@laptop ~ $ pass open
(*) Your password tomb has been opened in ~/.password-store.
. You can now use pass as usual.
. This password store will be closed in 10min
ENVIRONMENT VARIABLES
PASSWORD_STORE_TOMB
Path to tomb executable
PASSWORD_STORE_TOMB_FILE
Path to the password tomb, by default ~/.password.tomb
PASSWORD_STORE_TOMB_KEY
Path to the password tomb key file by default ~/.password.key.tomb
PASSWORD_STORE_TOMB_SIZE
Password tomb size in MB, by default 10
SEE ALSO
pass(1), tomb(1), pass-import(1), pass-update(1), pass-otp(1)
AUTHORS
pass tomb was written by Alexandre Pujol ⟨alexandre@pujol.io⟩.
COPYING
This program is free software: you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software Foundation, either
version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program.
If not, see <http://www.gnu.org/licenses/>.