Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Search in GPG-encrypted password file.
Python Makefile JavaScript
Branch: master


New PyPi badge url.
latest commit 0edda4da89
@catch22 authored
Failed to load latest commit information.
pw Added --raw mode
test improved test
.gitignore misc
.travis-requirements.txt enable python 3 (by using xerox from git)
.travis.yml enable python 3 (by using xerox from git)
LICENSE spring cleanup; new features forgot to rename README in
Makefile now using twine for upload Update
pw.sublime-project added sublime project
setup.cfg added “license” key and precise python versions supported
tox.ini enable python 3 (by using xerox from git)

pw Build Status Latest Version

pw is a Python tool to search in a GPG-encrypted password database.

Usage: pw [OPTIONS] [USER@][KEY]

  Search for USER and KEY in GPG-encrypted password database.

  --copy / --no-copy          copy password to clipboard (default)
  -E, --echo / --no-echo      print password to console
  -L, --open / --no-open      open link in browser
  -S, --strict / --no-strict  fail unless precisely a single result has been found
  --raw / --no-raw            output password only
  --database-path PATH        path to password database
  --edit                      launch editor to edit password database
  -v, --version               print version information and exit
  --help                      Show this message and exit.


To install pw, simply run:

$ pip install pw

Password Database, File Format, and Editing

By default, the password database is located at ~/.passwords.yaml.asc and automatically decrypted by using GnuPG if the file extension is .asc or .gpg. It uses a straighforward YAML format as in the following example, which is hopefully self-explanatory:

    - U:
      P: "*****"
    - U:
      P: "*****"
      N: "John's account"
  My Private Server:
    U: root
    P: "*****"
    N: "With great power comes great responsibility."
  (An Old Entry That Is Ignored):
    U: foo
    P: bar

  PIN: 12345   # shortcut notation (only provide password)

To edit the database, use pw --edit. This requires that the environment variable PW_GPG_RECIPIENT is set to the key with which the database should be encrypted and invokes the editor specified in the PW_EDITOR environment variable (make sure to use blocking mode, e.g., subl --wait).

Warning: This feature requires that the password database is temporarily stored in plain text in the file system, data leaks may arise. To some extend, this can be mitigated by using, e.g., tmpfs and by providing the editor with the adequate options that ensure that no backup copies, swap files, etc. are created.

Something went wrong with that request. Please try again.