A simple, easy-to-use password manager for Windows.
Pass-winmenu follows the philosophy of (and is compatible with) the Linux password manager pass, which defines an open standard for password management that's easy to extend and customise to your personal requirements.
Pass (https://www.passwordstore.org) stores passwords as GPG-encrypted files organised into a directory structure. Its simplicity and modularity offer many advantages, most importantly:
- Cryptography is handled by GPG, an open-source, high quality security suite trusted and used by security analysts, journalists, Linux distributions and many other parties all over the world
- The use of open standards makes it easy for anyone to develop compatible password managers for any platform they like (Linux, Android, Windows, Mac OS, etc)
- Because the passwords are simply stored as encrypted files in directories, you can organise them with your file manager and synchronise them across your devices using whatever method you prefer (Git, Dropbox, Nextcloud, etc).
- The passwords are securely encrypted with your own GPG keys, which can only be unlocked with your master password. Even if someone manages to acquire your encrypted passwords and your GPG keys, they won't be able to do anything unless they have your master password.
Unfortunately, while there are many Linux integrations available, Windows integrations are more scarce.
I wasn't happy with the existing ones, so I created my own, focusing on easy, keyboard-friendly interaction and a minimal interface that stays out of your way.
Bring up the password menu with the keyboard shortcut
Ctrl Alt P.
The password menu allows you to quickly browse through your passwords and select the right one.
Select the right password file by double-clicking it, or by using the arrow keys and pressing Enter.
The password will be decrypted using GPG, and your GPG key passphrase may be requested through pinentry.
The decrypted password will then be copied to your clipboard and/or entered into the active window,
depending on your
Pass-winmenu can be configured using the
pass-winmenu.yaml configuration file located next to the
If this file does not exist, a new one, containing the default settings, can be generated by starting the application.
Pass-winmenu is built against .NET Framework 4.5.2, which should already be installed on every version of Windows since Windows 7.
Git support is provided by LibGit2Sharp, which requires some native dependencies which are contained within the release builds.
For convenience, the release builds also contain a portable GPG installation, which pass-winmenu uses by default.
If you already have GPG installed, you may want to use that instead. In that case, you can download the
nogpg release, which will use your native GPG installation.
Installing pass-winmenu is as easy as downloading the zip file for the latest release and extracting it anywhere you want. It is recommended that you download the regular release, unless you already have GPG installed and accessible from your commandline. In that case you can also use the
nogpg release. A Chocolatey package is also available.
If this is your first time using
pass, you'll want to create a password store and import/create your GPG keys next.
This process is explained below.
Setting up GPG:
If you already have a GPG key, you may want to consider importing it and using that (see 'accessing an existing password store on a different host').
If you've never used GPG before, you can generate a new key. Start pass-winmenu, right click the key icon
in the notification area, and click
This will open a PowerShell window in which you'll be able to set up your GPG keys. Start by generating a new key:
powershell> gpg --gen-key
Follow the instructions to generate your GPG keys. If it asks you what kind of keys
you want to generate, don't pick any of the
sign only options, as they don't
include an encryption key, which is required for encrypting passwords.
The default, RSA and RSA, is recommended.
When it asks you for an email address, remember that address, as you'll need to enter it again in a bit.
Finally, you'll be asked to enter a passphrase. Make sure this is a very secure, unique passphrase, as it can be used to decrypt all your passwords, but don't make it too hard to enter, since you'll need to enter it regularly.
Creating a new password store:
Determine in which directory you want to store your passwords.
By default, pass-winmenu will assume it's
If you want to use that directory, create it:
powershell> mkdir $HOME\.password-store
Save the email address you used for creating your GPG key into a
in the root of your password directory.
powershell> echo "firstname.lastname@example.org" | Out-File -Encoding utf8 $HOME\.password-store\.gpg-id
If you've used a different location for your password store directory, you'll have to point pass-winmenu to it.
pass-winmenu.yaml in the directory where you've installed the application, and set the
variable to the correct location. Exit pass-winmenu (right click the icon > Quit), and start it again.
You should now have a working password manager.
If you want to access your passwords on multiple devices, you have several options. What follows are the instructions for setting up Git, but all software able to synchronise directories will work: Git, SVN, Dropbox, Google Drive, ownCloud, network shares, bittorrent sync...
To synchronise your passwords using Git, initialise a new Git repository at the root of your password store:
powershell> cd $HOME\.password-store powershell> git init powershell> git add -A powershell> git commit -m "Initialise password repository"
You'll also need a remote Git server. GitLab offers free private repositories, and GitHub does too if you're a student. Alternatively, you can of course run your own Git server.
Add an empty repository on your Git provider of choice, then connect your password store to it. Depending on where you're hosting your repository, it might differ a bit, but you'll usually have to do something like this:
powershell> git remote add origin https://github.com/yourusername/password-store.git powershell> git push --set-upstream origin master
Accessing an existing password store on a different host
If you already have a password store and you want to access it from another computer, you'll have to import your GPG keys on it. Follow the above instructions for installing GPG and Git, then export your GPG keys on the machine where you already have a working password store:
powershell> gpg --export-secret-key -a email@example.com > private.key
private.key file to the machine on which you're setting up your password store, and import it.
powershell> gpg --import private.key
Now, set the key validity so that it can be used to decrypt your password files.
powershell> gpg --edit-key firstname.lastname@example.org gpg> trust
Set the trust level to
5 (ultimate trust) and save your key.
Clone your password repository
powershell> git clone https://github.com/yourusername/password-store.git $HOME/.password-store
Then run pass-winmenu, edit the generated
pass-winmenu.yaml configuration file as necessary,
and start it again.
Check out https://www.passwordstore.org/#other if you're looking for implementations for other operating systems.