For a few years now I have been using the pass password manager. It is a wonderfully simple way to manage passwords using PGP to encrypt passwords in text files. The same files can then be placed in a git repository, which makes replicating passwords easy.
For different reasons I am now migrating to gopass, a Go implementation of
pass with a few additional features. I am using Homebrew to install gopass on my machine:
brew install gopass. Theoretically,
gopass should work out-of-the-box and is compatible with the old
pass utility. So I was quite surprised to see an error message like this:
$ gopass github
Entry 'github' not found. Starting search...
Found exact match in 'github.com/simonkrenger'
gpg: decryption failed: No secret key
Error: failed to retrieve secret 'github.com/simonkrenger': Failed to decrypt
Strange. But decrypting the password file directly using PGP works fine:
$ gpg -d ~/.password-store/github.com/simonkrenger.gpg
If the above command using
gpg does not work, check your keys using
gpg --list-keys and
gpg --list-secret-keys. Especially when migrating to GPG2, sometimes keys do not get imported into the new keyrings. In case you need to import the old keyring into the new format like so:
$ gpg --import ~/.gnupg/pubring.gpg
$ gpg --import ~/.gnupg/secring.gpg
But even after importing the keys, I still received
gpg: decryption failed: No secret key. So after searching around I found that I need to set the
$ export GPG_TTY=$(tty)
It seems that not setting the
GPG_TTY environment variable leads to the error above. Which is quite misleading. After setting this environment variable (and adding it to the
.bash_profile), gopass works as expected.