Configuring pass on Windows

In my last post, I concluded that pass wasn’t any good if you use Windows due to the lack of browser extension and flaky apps.  I’ve since discovered how to set up both the command-line pass client and the Firefox extension on Windows, so thought it was worth another post to explain what I did.  Note, this isn’t a straightforward process.  You’re probably only interested in this if you primarily use a Unix-like system, but need Windows support too.  pass isn’t currently an ideal solution if you primarily use Windows.  This also assumes you’re running 64-bit Windows 7, other versions may have slightly different paths in the commands.


To run pass on Windows, you need GPG, Cygwin and some Cygwin packages.

For GPG, download and install GPG4Win.

Next, download Cygwin and run the setup.  Install the following packages: git, make, automake, tree.  If you are using git to sync your password store, you may also want to install ssh.

Run the Cygwin shell and create an alias for gpg:

alias gpg='/cygdrive/c/Program\ Files\ \(x86\)/GNU/GnuPG/gpg2.exe'
alias gpg >> .bash_profile

Optional: You might find it easier to set your cygwin home directory to you Windows home directory with this command:

mkpasswd -l -p "$(cygpath -H)" > /etc/passwd

Read this page for more information about that command.


To install pass in cygwin, download the zip and extract it.  In the cygwin shell, cd to the directory where you’ve extracted it, and run

make install

This will install pass to /usr/bin/pass within the cygwin environment.  You can now follow the regular instructions for setting up your password store. If you are using git you may need to set the PASSWORD_STORE_DIR environment variable:

echo "export PASSWORD_STORE_DIR=/cygdrive/c/Users/username/.password-store" >> ~/.bash_profile
. .bash_profile

Firefox extension

The firefox extension isn’t available for Windows on (as it is for Linux), but you can download it directly from the Github page.

Once you’ve added it to Firefox, click the P icon on your toolbar and select Preferences.  Set the following values (note the double slashes!):

  • User Home: C:\\Users\\yourusername
  • Pass command: C:\\cygwin64\\bin\\bash.exe
  • Pass command line arguements: –login /usr/bin/pass

Thanks to this discussion for that information.

And that’s it!

Migrating Lastpass to pass password store

I’ve been a Lastpass customer for several years, and it’s been pretty much the only service I’ve used which stores my data on someone else’s servers (albeit encrypted).  I’ve never been particualrly happy with this, but haven’t found a solution that allows me to access to my passwords easily from multiple devices across multiple platforms, so have stuck with it until now.

My Lastpass subscription is due for renewal this month, and this week Lastpass suffered a security breach.  This coincides with my discovery of pass, a unix password manager that stores your passwords locally in plain text files encrypted with GPG.  It also integrates with git to allow your password store to be easily shared between devices, and has clients for Android (which I need for my phone) and Windows (which I need for work).  I decided to have a go at migrating to see how I got on.


Setting up on Linux was straightforward.  I’m running Ubuntu 14.04, so installed with apt-get install pass  I generated a key with gpg --gen-key and ran pass init to create a password store using the key.  I then ran pass git init to initialise the git repository.  Next, I exported my passwords from LastPass using their CSV export feature, and ran the file through this script to import then into pass.  Similar scripts are available for migration from other password stores.

I installed the Firefox extension, and it works like a charm, matching the current site and filling in login forms for me.

Before I could install a client on another device, I needed to push the git password store to a server.  I logged into my server that’s accessible via the Internet, created a folder and ran git init --bare since I don’t need to have the files checked out on the server.  I then ran pass git add remote to add the server, and pass git push to sync the passwords.


For Android, there is a client called Password Store which can be found in F-Droid or the Play Store.  First, you need to install OpenKeychain (available from the same places), and import your GPG key.  I followed this guide to export my key, copied it to my phone and used the “Import from File” option to add it to OpenKeychain.

In Password Store, I set up the Git repository and synced down my passwords.  I then set OpenKeychain the the OpenPGP provider, and I was set.  When unlocking a password, Password Store will automatically copy it to the clipboard for a defined number of seconds, then clear it.  OpenKeychain allows you to cache your key’s password for a defined number of minutes, so you don’t have to enter it repeatedly.  It then forgets it automatically.


Update: I’ve since worked out how to set up pass properly on Windows, including the Firefox extension.  See this post for a full guide.

There are several solutions for Windows, none of them are as complete as the Linux equivalents yet (for example, no Firefox plugin).  However, you can get a similar copy-to-clipboard-then-auto-delete workflow like on Android.

Firstly, you need to install Git and GPG.  I already had msysgit installed which includes gpg, but it’s an older version so I installed GPG4Win as well.  You then need to import your key into gpg.  I found this was easiest using the gpg CLI in git-bash (see the guide linked above again).

The “Windows Client” listed on the pass website is Pass4Win, but I found this to be buggy.  Instead, I went for the “Cross-platform GUI” listed in the site, QtPass.  This gives you the option to use native pass, or to use GPG and Git directly.  I went for the latter option (be sure to select the gpg2.exe executable installed by GPG4Win, not the older one provided by msysgit).

Running QtPass prompted me to create a password store – I selected the key I’d already added to GPG and it created the empty store.  To configure the git repository, I found it easiest to use the command line (it didn’t prompt me for git details in QtPass. I went to the password store directory that had just been created, then ran git init git remote add added the remote details to .git/config and ran git pull  Closing an re-opening QtPass found the git repository and I was good to go.


Lastpass has invested a lot in the usablitity of its soltution.  The browser plugins and Android apps take care of identifying websites and filling in the password for you.  pass is part way there, but still has a long way to go.  I’m willing to comprimise on the usability for the peace of mind of holding all my own data.  However, I wouldn’t recommend it to anyone who primarily uses Windows, and I wouldn’t want anyone who’s not familiar with what GPG is to try and set it up for themselves.  Once set up with the browser extension, it’s certainly a decent alternative to Lastpass on Linux, and a pretty good one on Android.