Provided by: pass-extension-tomb_1.1-4_all 
NAME
pass-tomb - A pass(1) extension that helps to keep the whole tree of password encrypted inside a tomb(1).
SYNOPSIS
pass tomb [args] gpgid...
pass open [args]
pass close [args]
DESCRIPTION
Due to the structure of pass(1), file- and directory names are not encrypted in the password store. pass
tomb provides a convenient solution to put your password store in a tomb(1) and then keep your password
tree encrypted when you are not using it.
It uses the same GPG key to encrypt passwords and tomb, therefore you don't need to manage more key or
secret. Moreover, you can ask pass-tomb to automatically close your store after a given time.
The new workflow is the following:
1. Create a password tomb with pass tomb. It creates a new tomb and opens it in ~/.password-store.
Then it initialises the password repository with the same GPG key.
2. Use tomb as usual.
3. When finished close the password tomb: pass close.
4. To use pass again, you need to open the password tomb: pass open.
COMMAND
pass tomb [ --no-init, -n ] [--timer=time, -t time]
[ --path=subfolder, -p subfolder ] [--force, -f] gpg-id...
Create and initialise a new password tomb. This command must be run first, before a password store
can be used.
Use gpg-id for encryption of both passwords and tomb. Multiple gpg-ids may be specified, in order
to encrypt the tomb and each password with multiple ids.
If --path or -p is specified, along with an argument, a specific password tomb using gpg-id or a
set of gpg-ids is assigned for that specific subfolder of the password store.
If --no-init, -n is specified, do not initialise the password store. By default, pass-tomb
initialises the password store with the same key(s) it generated the tomb. The purpose of this
option is to let the user free to initialise the password store with a different key or set of
keys.
If --timer, -t is specified, along with an argument, the password store will be automatically
closed using a systemd timer after a given time. This time will be saved in the .timer file
present in the store.
If --force is specified, the password store will create or mount the password store even if a
plain text swap is present. Make sure you know what you are doing if you force an operation.
pass open [--timer=time, -t time] [--force, -f] [subfolder]
Open a password tomb. If a .timer file is present in the store, a systemd timer will be
initialized.
If --timer, -t is specified, along with an argument, the password store will be automatically
closed using a systemd timer after a given time. If a .time file was already present in the store,
this time will be updated.
If --force is specified, the password store will create or mount the password store even if a
plain text swap is present. Make sure you know what you are doing if you force an operation.
If subfolder is specified, the password store will be opened in the subfolder.
pass close [store]
Close a password tomb.
If store is specified, pass close will try to close this store.
OPTIONS
-n, --no-init
Do not initialise the password store
-t, --timer
Close the store after a given time
-p, --path
Create the store for that specific subfolder
-f, --force
Force the tomb operations (i.e. even if swap is active)
-q, --quiet
Be quiet
-v, --verbose
Be verbose
-d, --debug
Print tomb debug messages
--unsafe
Speed up tomb creation (for testing purposes only)
-V, --version
Show version information
-h, --help
Show usage message
EXAMPLES
Create a new password tomb
zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com
(*) Your password tomb has been created and opened in ~/.password-store.
(*) Password store initialised for Jason@zx2c4.com.
. Your tomb is: ~/.password.tomb
. Your tomb key is: ~/.password.key.tomb
. You can now use pass as usual.
. When finished, close the password tomb using 'pass close'.
Open a password tomb
zx2c4@laptop ~ $ pass open
(*) Your password tomb has been opened in ~/.password-store.
. You can now use pass as usual.
. When finished, close the password tomb using 'pass close'.
Close a password tomb
zx2c4@laptop ~ $ pass close
(*) Your password tomb has been closed.
. Your passwords remain present in ~/.password.tomb.
Create a new password tomb and set a timer
zx2c4@laptop ~ $ pass tomb Jason@zx2c4.com --timer=1h
(*) Your password tomb has been created and opened in ~/.password-store.
(*) Password store initialised for Jason@zx2c4.com.
. Your tomb is: ~/.password.tomb
. Your tomb key is: ~/.password.key.tomb
. You can now use pass as usual.
. This password store will be closed in 1h
zx2c4@laptop ~ $ pass open
(*) Your password tomb has been opened in ~/.password-store.
. You can now use pass as usual.
. This password store will be closed in 1h
Open a password tomb and set a timer
zx2c4@laptop ~ $ pass open
(*) Your password tomb has been opened in ~/.password-store.
. You can now use pass as usual.
. This password store will be closed in 10min
ENVIRONMENT VARIABLES
PASSWORD_STORE_TOMB
Path to tomb executable
PASSWORD_STORE_TOMB_FILE
Path to the password tomb, by default ~/.password.tomb
PASSWORD_STORE_TOMB_KEY
Path to the password tomb key file by default ~/.password.key.tomb
PASSWORD_STORE_TOMB_SIZE
Password tomb size in MB, by default 10
SEE ALSO
pass(1), tomb(1), pass-import(1), pass-update(1), pass-otp(1)
AUTHORS
pass tomb was written by Alexandre Pujol ⟨alexandre@pujol.io⟩.
COPYING
This program is free software: you can redistribute it and/or modify it under the terms of the GNU
General Public License as published by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see
<http://www.gnu.org/licenses/>.