Next: , Previous: , Up: Emacs auth-source   [Contents][Index]

5 The Unix password store

The standard unix password manager (or just pass) stores your passwords in gpg-protected files following the Unix philosophy. The store location (any directory) must be specified in the auth-source-pass-filename variable which defaults to ~/.password-store.

Emacs integration of pass follows the approach suggested by the pass project itself for data organization to find data. In particular, to store a password for the user rms on the host and port 22, you should use one of the following filenames.

No username or port in the filename means that any username and port will match.

The username to match can be expressed as filename inside a directory whose name matches the host. This is useful if the store has passwords for several users on the same host.

The username can also be expressed as a prefix, separated from the host with an at-sign (@).

The port (aka. service) to match can only be expressed after the host and separated with a colon (:). The separator can be changed through the auth-source-pass-port-separator variable.

Entries can be stored in arbitrary directories.


If several entries match, the one matching the most items (where an “item” is one of username, port or host) is preferred. For example, while searching for an entry matching the rms user on host and port 22, then the entry is preferred over

Users of pass may also be interested in functionality provided by other Emacs packages:

Variable: auth-source-pass-filename

Set this variable to a string locating the password store on the disk. Defaults to ~/.password-store.

Variable: auth-source-pass-port-separator

Set this variable to a string that should separate an host name from a port in an entry. Defaults to ‘:’.

Next: Help for developers, Previous: Secret Service API, Up: Emacs auth-source   [Contents][Index]