rpass
| Crates.io | rpass |
| lib.rs | rpass |
| version | 0.1.9 |
| created_at | 2025-06-23 12:35:51.920334+00 |
| updated_at | 2025-10-16 15:48:41.122152+00 |
| description | A (symmetric/asymmetric) GPG-based secrets manager for the CLI |
| homepage | https://achianumba.github.io/rpass |
| repository | https://github.com/achianumba/rpass |
| max_upload_size | |
| id | 1722869 |
| size | 223,622 |
Arinze Chianumba (achianumba)
documentation
README
rpass
rpass is a pass inspired secrets manager.
[!WARNING] ⚠️ THIS PROJECT IS AN ACTIVE WORK-IN-PROGRESS.
⚠️ CORE COMMANDS WORK BUT MAY BREAK BEAUSE THIS PROJECT IS STILL EVOLVING.
⚠️ SUBSEQUENT RELEASES MAY INCLUDE BREAKING CHANGES.
rpass list output:
rPass Store
├── some-service
│ └── username@some-service.com
└── example
└── bob@example.com
tree output:
.rstore ├── 3c11af1b-2c11-411a-bc4b-9e2aef34a928 │ └── 26ee01a5-180d-4aee-9d03-2d83154c989b.gpg ├── b206d775-8adc-4e1d-9f30-88a6cd6f1a10 │ └── 67da9fe5-81fa-4990-a022-25623b788128.gpg └── store.toml
Features
- Cross-platform
- Asymmetric/Symmetric encryption
- Entry anonymization
- Clipboard support
- Git integration
- Random password/passphrase generation
- Manage multiple stores
It just writes and reads data to and from gpg's stdin and stdout through a pipe. This way, the contents of a secret aren't logged (not even by auditd).
Installation
Dependencies
rpass has the following runtime dependencies:
Install from source
git clone https://github.com/achianumba/rpass.git
cd rpass
cargo build --release
sudo mv target/release/rpass /usr/local/bin
Install from Crates.io
cargo install rpass
Usage
[!NOTE] All operations run against the store at
$HOME/.rstoreor%USERPROFILE%/.rstoreby default. To override this behaviour, set theDEFAULT_RPASS_STOREenvironment to a different location in your shell profile/rc files.
Create a store
Create a store of symmetrically encrypted secrets:
rpass init
Create a store of asymmetrically encrypted secrets:
rpass init -k A6C4C64CCC8E8D4A278660B0A78A721FDBC087D9
Create a store and manage its history through revision control
rpass init -gk A6C4C64CCC8E8D4A278660B0A78A721FDBC087D9
Create a store in Documents/store by explicitly setting target store path.
rpass init -k A6C4C64CCC8E8D4A278660B0A78A721FDBC087D9 Documents/store
Insert a secret
Insert a username and a password for bob@example.com:
rpass insert example/bob@example.com
Insert a secret containing whatever field name you want:
rpass insert -c some-service/username@some-service.com
Echo each characters to the screen as it's enter by the user while inserting a secret:
rpass insert -e example/bob@example.com
Insert a secret into the store at Documents/store:
rpass insert example/bob@example.com Documents/store
Generate and optionally insert secrets
Generate a 32-character password (default):
rpass generate -p
Generate a 15-character password:
rpass generate -pl 15
Generate a 6-word passphrase:
rpass generate -P
Generate a 10-word passphrase:
rpass generate -Pl 10
Generate and insert a password for whois@home.local:
rpass generate -p whois@home.local
List human-friendly secret names and fields
List the fields in a secret:
rpass list whois@home.local
List the secrets in a group:
rpass list example
Show the fields and values of a secret
Print the value of the password field to the console:
rpass show whois@home.local -f password
Print a JSON object containing the field names and values of the password and username to the console:
rpass show whois@home.local -f password username
Print a JSON object containing all field names and their values to the console:
rpass show whois@home.local
Edit an existing secret
Rename the username field:
rpass edit whois@home.local -f username
Change the username field's value:
rpass edit whois@home.local -v username
Add an api-token field to an existing secret:
rpass edit whois@home.local -n api-token
Delete a secret
Delete a secret named throwaway123
rpass remove throwaway123
Perfom Git operations against a store
For example, view a summary of the store's history by running:
rpass git log --oneline
Copy a secret
Copy a secret named whois@home.local to whois@localhost:
rpass copy whois@home.local whois@localhost
Move a secret
Move a secret named whois@localhost to local:
rpass move whois@localhost local
Roadmap / Planned Features
The following are on the roadmap but not yet implemented:
grep: Search for strings in secretsfind: Search for strings in secret pathnamesexport: Export secret, group, or store to JSON or to an archive with the same file tree a recipient.import: Import secrets.serve: Serve secrets over a REST API.