NAME

       gopass - stores, retrieves, generates, and synchronizes passwords securely

SYNOPSIS

       gopass [ COMMAND ] [ OPTIONS ]... [ ARGS ]...

DESCRIPTION

       gopass is a very simple password store that keeps passwords inside gpg2(1) encrypted files
       inside a simple directory tree residing at ~/.password-store.  The gopass utility provides
       a  series  of  commands  for  manipulating  the  password store, allowing the user to add,
       remove, edit, synchronize, generate, and manipulate passwords.

       If no COMMAND is specified, COMMAND defaults to either show or ls, depending on  the  type
       of specifier in ARGS. Otherwise COMMAND must be one of the valid commands listed below.

       Several  of the commands below rely on or provide additional functionality if the password
       store directory is also a git repository.  If  the  password  store  directory  is  a  git
       repository,  all  password  store  modification  commands  will  cause a corresponding git
       commit.  git(1).

       The init command must be run before other commands in order  to  initialize  the  password
       store  with  the  correct  gpg key id. Passwords are encrypting using the gpg key set with
       init.

       There is a corresponding bash completion script for use with tab completing password names
       in bash(1).

COMMANDS

       init [ --path=path, -p path ] gpg-id...
              Initialize  new  password  storage and use gpg-id for encryption.  Multiple gpg-ids
              may be specified, in order to  encrypt  each  password  with  multiple  ids.   This
              command  must  be  run first before a password store can be used.  If the specified
              gpg-id is different from the key used in any existing files, these  files  will  be
              reencrypted  to  use  the  new id.  Note that use of gpg-agent(1) is recommended so
              that the batch decryption does not require as much user intervention.

       ls subfolder
              List names of passwords inside the tree at subfolder by using the tree(1)  program.
              This command is alternatively named list.

       grep search-string
              Searches  inside  each decrypted password file for search-string, and displays line
              containing matched string along with filename.

       find pass-names...
              List names of passwords inside the tree that match pass-names by using the  tree(1)
              program. This command is alternatively named search.

       show [ --clip, -c ] [ --two-factor, -2fa ] [ --username, -u ] pass-name
              Decrypt and print a password named pass-name.  If --username or -u is specified, do
              not print the password but instead attempt to find the username.  If --clip  or  -c
              is  specified,  do  not  print  the password but instead copy the first line to the
              clipboard using xclip(1).   If  --two-factor  or  -2fa  is  specified,  attempt  to
              generate  a  TOTP  code  for  the  given  password. This requires that the password
              contain either a full otpauth:// URI or a TOTP secret prefixed by '2fa:'.

       insert [ --multiline, -m ] [ --force, -f ] pass-name
              Insert a new password into the password store called pass-name. This will read  the
              new password from standard in. If --multiline or -m is specified, an editor will be
              opened for you to type the password. Otherwise, only a single line from standard in
              is  read.  Prompt  before overwriting an existing password, unless --force or -f is
              specified. This command is alternatively named add.

       edit pass-name
              Insert a new password or edit an existing password using the  default  text  editor
              specified  by  the  environment variable EDITOR or using editor as a fallback. This
              mode makes use of temporary files for editing.

       generate [ --no-symbols, -n ] [ --force, -f ] pass-name pass-length
              Generate a new password of length pass-length and insert into pass-name.  If  --no-
              symbols  or  -n  is  specified,  do  not use any non-alphanumeric characters in the
              generated password. Prompt before overwriting an existing password, unless  --force
              or -f is specified.

       rm [ --recursive, -r ] [ --force, -f ] pass-name
              Remove  the  password  named  pass-name  from  the  password store. This command is
              alternatively named remove or delete. If --recursive or  -r  is  specified,  delete
              pass-name  recursively  if it is a directory. If --force or -f is specified, do not
              interactively prompt before removal.

       mv [ --force, -f ] old-path new-path
              Renames the password or directory named  old-path  to  new-path.  This  command  is
              alternatively named rename. If --force is specified, silently overwrite new-path if
              it exists. If new-path ends in a trailing /, it is always treated as a directory.

       cp [ --force, -f ] old-path new-path
              Copies the password or directory  named  old-path  to  new-path.  This  command  is
              alternatively  named  copy. If --force is specified, silently overwrite new-path if
              it exists. If new-path ends in a trailing /, it is always treated as a directory.

       git git-command-args...
              If the password store is a git repository, pass git-command-args  as  arguments  to
              git(1) using the password store as the git repository. If git-command-args is init,
              in addition to initializing the git repository, add the  current  contents  of  the
              password store to the repository in an initial commit.

       help   Show usage message.

       version
              Show version information.

FILES

       ~/.password-store
              The default password storage directory.

       ~/.password-store/.gpg-id
              Contains  the  default  gpg  key identification used for encryption and decryption.
              Multiple gpg keys may be specified in this file, one per line.

ENVIRONMENT VARIABLES

       PASSWORD_STORE_DIR
              Overrides the default password storage directory.

       EDITOR Text editor to use.

SEE ALSO

       gpg2(1), git(1),

AUTHOR

       gopass was written by Alexandre Viau ⟨alexandre@alexandreviau.net⟩.  For updates and  more
       information,   a   project   page   is   available   on   the   World  Wide  Web  ⟨http://
       www.github.com/aviau/gopass⟩.

       pass  was  written  by  Jason  A.  Donenfeld  ⟨Jason@zx2c4.com⟩.   For  updates  and  more
       information,   a   project   page   is   available   on   the   World  Wide  Web  ⟨http://
       www.passwordstore.org/⟩.

COPYING

       This program is free software; you can redistribute it and/or modify it under the terms of
       the  GNU  General  Public  License  as  published  by the Free Software Foundation; either
       version 3 of the License, or (at your option) any later version.

       This program is distributed in the hope that it will be useful, but WITHOUT ANY  WARRANTY;
       without  even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program;
       if  not,  write  to  the  Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
       Boston, MA  02110-1301, USA.