Password Manager
This module will automatically install pass
as your password manager. It also provides a custom version of passmenu
using bemenu
for Wayland sessions called passmenu-bemenu
and configures passff for your web browser.
View the nix-core Home Manager module on GitHub.
Setup
It is assumed that you have a GPG key.
HM config
imports = [
inputs.core.homeModules.passwordManager
];
programs.passwordManager = {
enable = true;
key = "YOUR_GPG_KEYGRIP";
wayland = true; # if you are using Wayland
};
Get your keygrip with
gpg -K --with-keygrip
Password Store
pass
uses a Password Store to manage your password files. If this is your first time using pass
, follow option a). If you already have a remote git repository to store your password-store, follow option b).
a) Initialize a new Password Store
Read the introduction and setup guide on the pass home page.
b) Cloning your remote password-store repository
The following guide assumes that you have your private GPG key on a luks encrypted USB partition which is needed to access your remote repo through ssh.
- Identify the USB device:
Identify the device name for your USB drive using the
lsblk
orfdisk -l
command.
Look for the device corresponding to your USB drive (e.g., /dev/sdb1
).
- Unlock the LUKS partition:
Unlock the LUKS partition with the
cryptsetup luksOpen
command. Replace/dev/sdX1
with the actual device name of your USB partition.
You will be prompted to enter the passphrase for the LUKS partition.
- Mount the unlocked partition: Mount the unlocked LUKS partition to access the files.
- Import the GPG key:
Use the
gpg --import
command to import the GPG key from the mounted USB partition.
- Unmount and close the LUKS partition: After importing the key, unmount the partition and close the LUKS mapping.
- Clone your password store repository:
Clone your password store repository using the
git clone
command, for example: