Skip to content
Tags give the ability to mark specific points in history as being important
  • 1.7.4
    1078f251 · version: bump ·
    Release 1.7.4. Wayland support and bug fixes.
  • 1.7.3
    74fdfb50 · version: bump ·
    Release 1.7.3. A few small bug fixes.
  • 1.7.2
    8d460492 · version: bump ·
    Release 1.7.2. Large number of bug fixes, including a security fix.
  • 1.7.1
    38ec1c72 · Bump version ·
    Release 1.7.1. Changes:
    == Bug Fixes ==
    * Fix test suite on OS X
    * Add compatibility with GnuPG 2.2.19
    * Uniformly use the $GPG variable
    * Do the correct thing with subkeys when reencrypting
  • 1.7
    20081b54 · Bump version ·
    Release 1.7. Changes:
    == New Features ==
    * Extensions: pass can now load user-defined extensions from a system
      directory or a user directory. There's already a nice ecosystem of
      extensions being built, even at this early stage. See the pass man page for
      more information.
    * Signatures: there is now an option to enforce signatures of the .gpg-id file
      and extensions using an environment variable.
    * QRCodes: generate and show have now learned the --qrcode/-q switch. Note to
      package maintainers: this adds a dependency on the popular qrencode package.
    * Password generation: rather than use pwgen, we now use /dev/urandom more
      directly, which results in more assured password security, as well as
      customizable character sets, via an environment variable. See the pass man
      page for more information on this customization. Package maintainers: you
      may now drop the dependency on pwgen.
    * Importers: there now are several more importers. More and more folks are
      moving to pass!
    * Selectable clipping: you can now specify which line you wish to copy to the
      clipboard or display with a qrcode when using -c or -q.
    * Git discovery: The PASSWORD_STORE_GIT environment variable has been removed,
      and instead pass will automatically choose the git repository closest to the
      file being modified (but not out of the actual password store itself). This
      should help people who like to nest git repos for different organizations.
    * Bug fixes: too many to count.
    == Note To Distros ==
    * Drop the dependency of pwgen.
    * Add the dependency of qrencode.
    * The Makefile now does the right thing with DESTDIR, so you might want to
      double check that your package recipe does the right thing.
    * The semantics for auto-detection of bash completion has changed, with new
      environment variables for such things. See INSTALL for details.
  • 1.6.5
    1aac79d9 · Bump version ·
    Release 1.6.5. Changes:
    == Features ==
    * Support Gpg4win alongside Cygwin
    == Bug Fixes ==
    * Work around unit tests bug with GnuPG 2.1.0 and 2.1.1
    * Manually migrate unit tests keys to GnuPG 2.1 series
    * Restore support GnuPG 2.0 series
  • 1.6.4
    ed24e9cd · Bump version ·
    Release 1.6.4. Changes:
    == Features ==
    * "add" is an alias of "insert"
    * `pass edit` will no longer make a commit if the password does not change
    * Symbolic links are now followed
    * Remove gpg agent check, due to the auto-starting gpg-agent in GnuPG 2.1
    == Bug Fixes ==
    * Avoid trailing slash in `pass grep`
    * Account for $CLIP_TIME in messages
    * revelation2pass, keepassx2pass, and other script improvements
    * Fix .gpg extension in tree listings, and preserve colors
    * Improved support for getopt on OSX
    * Updates for zsh and fish completion autoloading
    * Always preserve TTY for pinentry
    * Only use encryption subkeys
    * Better clip error messages
    * No longer use hidden recipients
  • 1.6.3
    891d2aa6 · Bump version. ·
    Release 1.6.3. Changes:
    == Features ==
    * passmenu now takes --type as its first argument, which will type the
      password instead of copying it to the clipboard.
    == Bug Fixes ==
    * OSX now properly unmounts temporary mounts and ejects ramdisks.
    * All BSDs now have cleaner temporary files.
    * Temporary files for `pass edit` now end in .txt so vim does the right thing.
    * When edit fails, prompt for retrying instead of going into crazy loop.
    * keepassx2pass conversion script now handles empty strings.
  • 1.6.2
    a12aa277 · Bump version ·
    Release 1.6.2. Changes:
    == Features ==
    * generate now has an --in-place option to replace only the
      first line of a file with a new password
    * generate now uses pretty ansi colors
    * `pass git diff` will now decrypt your history in memory on the
      fly to show real text diffs of how your passwords have changed
    * Lots of general code cleanups and restructurings
    == Bug Fixes ==
    * test suite escapes characters properly
    * use install -d instead of mkdir -p in makefile
    * do not rely on bash inside of makefile
    * cleaner tmpdir cleanup logic
    * use portable sed in zsh completion
    * gpg key sorting is now done with LC_ALL=C
    * git sub-commands will now use a secure tmpdir
    * properly escape input to sed during reencryption
    * tests now work on directories with spaces
    * gpg secmem warning is disabled during gpg key comparison so that
      output is consistent on bsd
    * tmpdir templates actually work now when making a secure tmpdir
    == New Additions from Contributors ==
    * KWallet importer script
  • 1.6.1
    477d770f · version: bump ·
    Release 1.6.1. Changes:
    == Bug fixes ==
    * OSX and BSD does not support the -D option in the install, which was causing
      some major problems in 'make install'. Work around this while also
      introducing BASHCOMP_PATH and related arguments.
    * Better error message if operating on a non-existant password store.
  • 1.6
    Release 1.6. Changes:
    == Features ==
    * `pass find` allows searching for filenames or directory names within the
      password store. It makes use of tree 1.7.0 features that the pass community
    * `pass grep` allows searching inside of encrypted files.
    * `pass mv` and `pass cp` allow moving and copying password files around, and
      automatically reencrypt them if the source folder requires a different
    * The --reencrypt/-e switch is now gone from init. All comands that change
      gpg-id or move password files around (such as mv and cp) automatically
      reencrypt passwords *as needed*, if the source has a different gpg-id or if
      the gpg-id for a given directory has changed.
    * `make test` will now run an ever-growing test suite of automated unit tests
      to ensure that we remain bug-free.
    * pass init allows deinitializing sub-gpg-id files by an empty string key
    * If stdin is not a tty, no interactive questions are asked.
    * Empty folders are pruned on removing or moving entries.
    * Sneaky paths are checked and prevented.
    * Platform files run before installation too now.
    * Support for Windows/Cygwin.
    * We detect gpg-agent and display a warning if it's not running before
      mass-reencryption operations.
    * Makefile now automatically detects bash/zsh/fish completion support.
    * Complete reorganization of codebase for improved maintainability.
    * Revelation2pass converstion script supports xml.
    * Keepassx2pass conversion script handles new lines and slashes.
    == Bug Fixes ==
    * Bash completion is installed to correct place
    * Better error messages.
    * Clarification of secure tmpdir on FreeBSD.
    * Platform installation supports GNU sed.
    * Zsh completion supports trailing slashes.
    * Typos.
    == New Additions from Contributors ==
    * 1Password importer
    * Pass now supports Emacs:
  • 1.5
    Release 1.5. Changes:
    == Features ==
    - Team pass is now possible! At last! Each .gpg-id file may contain multiple
      IDs, separated by a new line, and `pass init` now takes multiple options for
      specifying multiple keys with which to populate .gpg-id.
    - Different directories may now have their own .gpg-id, and `pass init` has
      now learned a -p/--path switch for writing this file. This may be used to
      have different access permissions for different sub-folders.
    - All temporary files, even ones that exist merely in a tmpfs ram disk, are
      overwritten with random data before deletion, using shread or wipe,
      depending on the platform.
    - If git is in use, all commits can be signed with the "user.signingkey" ID if
      "pass.signcommits" is enabled in git-config. This protects against remote
    - Clipboard selection can now be overwritten using the
      PASSWORD_STORE_X_SELECTION environment variable, and the timeout time before
      restoring the clipboard can be overwritten using PASSWORD_STORE_CLIP_TIME.
    - The umask can now be overwritten with the PASSWORD_STORE_UMASK environment
    - gpg v1 can be used, in addition to the already supported v2
    == Bug Fixes ==
    - Do not race between clipboard restoration instances at once
    - We now properly follow symlinks with tree and with reencryption
    - Fix conflict between passwords and directories with the same name
    - Bash completion goes in the correct folder
    - Many bash and sed simplifications and optimizations
    - `mktemp` now uses the correct argument order
    - We no longer use GPG compression, due to security concerns
    - Documentation improvements
    - Bash, zsh, and fish completion clean-ups
    - Lots of import script fixes
    - Non-recursive makefile
    - On re-encryption in `pass init`, a pipe failure no longer blanks file
    == New Import Scripts from Contributors ===
    - KED password manager
    - Revelation password manager
    - Keepass2 password manager
    - Gorilla password manager
    - Pwsafe password manager
    == Other Contributed Projects ==
    - A firefox plugin
    - An iOS app
    - A dmenu script
  • 1.4.2
    542cf6e9 · Man page cosmetics. ·
    Release 1.4.2. Changes:
    - On insert, no-echo mode is now default, with the --echo mode to turn on echoing of passwords.
    - Cosmetic changes with the tree display
    - Addition of lastpass2pass.rb importer
    - Man page typos
    - Bugfix for backslashes when reading passwords
  • 1.4.1
    Release 1.4.1 for Fedora fixes.
    Fedora keeps gpg1 and gpg2 side by side, so it's best
    to just explicitly specify gpg2. Also fixes an error
    handling bug reported by a Redhat wizard.
  • 1.4
    ec5eeec7 · Style fixes. ·
    Release version 1.4.
    - Finally a viable cross platform solution by sourcing platform specific overrides
      * Darwin / Homebrew support built-in
      * FreeBSD support from Jonathan Chu
    - Recursive and forced removal of directories in `pass rm`
    - More robust git handling in places that count
    - Special treatment of `pass git init` for initial commit
    - Ability for `pass init` to reencrypt entire repository using new key
    - Prompt before overwriting passwords in insert and generate
      for use with nesting repositories, using different repositories, or sharing repos with teams
    - Removal of debian code, as upstream debian/ubuntu are now handling this (thanks Colin Watson)
    - More precise error handling paths
    - Updating of documentation and dependency lists
    - Addition of two importer scripts in contrib:
      * by Jeffrey Ratcliffe
      * by Juhamatti Niemelä
    - Total overhaul of bash and zsh completion system from Brian Mattern
    - Addition of fish completion script from Dmitry Medvinsky
    - Countless bug fixes and style improvements
  • 1.3.1
    820d3d5e · Bump to 1.3.1. ·
    Release 1.3.1 for whiny Mac users.
  • 1.3
    f6c945b0 · Bump version. ·
    Release version 1.3.
      - Let PASSWORD_STORE_DIR override the password store directory location
      - Use GNU getopt to allow arguments to be anywhere
      - Confirm before overwriting on insert (use --force to revert behavior)
      - Use GNU readline when reading passwords in the default insert mode
      - Skip directories and add edit mode to ZSH completion file
      - Make GPG output quieter
      - Support ramdisk on OSX via out-of-tree patch
      - Add --version switch
    Bug fixes:
      - Don't quote $EDITOR, so that folks can specify arguments to their editor
      - Be careful about cleaning up temporary files -- use signal handler to ensure it happens
      - Make more efficient use of bash's read command for prompting
      - Split out common gpg options into unified variable
  • 1.2.1
    f423a27d · Use portable mktemp. ·
    Release 1.2.1 to fix mktemp issues on OSX.
  • 1.2
    796610ee · Bump debian version. ·
    Release 1.2. This makes the following changes:
    * Improved ZSH completion script
    * --help in addition to help
    * Better git argument passing
    * Better support for metadata in multi-line mode by having the --clip and -c operations only copy the first line
    * Edit mode that calls $EDITOR on the password file, after being temporarily and securely decrypted to /dev/shm.
  • 1.1.4
    Release 1.1.4 with zsh completion script and better source folder organization.