This repository contains a Chrome extension that integrates the pass password manager with Chrome.
There are two folders in this repository that contain:
To use the extension you need to install the extension in your chrome or chromium browser and the python native application (chrome_pass).
These instructions have been tested in Ubuntu 24.04 and Debian 12 (bookworm):
sudo apt-get install pass python3 python3-pip
pip install --user chrome-pass==1.0.1
chrome_pass install
Get the extension from Chrome Web Store.
To reduce the code complexity of this extension there are some assumptions regarding how the password store is structured. In order for this extension to be able to list and decrypt your passwords these assumptions must be followed:
This extension assumes the password store is located inside the .password-store folder inside your home directory:
$HOME/.password-store
In case you have the password store located somewhere else you may try using a
symbolic link to work around this limitation or set the PASSWORD_STORE_DIR
env
variable to point to the password store location.
This plugin assumes that the last two parts of each password path follows this structure:
[Service URL]/[Username]
For example to keep some Gmail and Amazon accounts:
~/.password-store/
├── mail.google.com
│ ├── me@gmailcom
│ ├── [email protected]
│ └── [email protected]
└── Amazon
├── www.amazon.com
│ ├── [email protected]
│ └── [email protected]
└── www.amazon.co.jp
├── [email protected]
└── [email protected]
Your paths can have as many parts as you want as long as the last two follow the above structure. And the [Service URL] part must match the URL of the page you are viewing because it is used to select the corresponding password from the store.
If the pass file has configured pass-otp, then chrome-pass will generate the TOTP code and fill any numeric text inputs in the form with it.
For IAM accounts we need not only the login user and password but also the account 12 digit ID or alias. For these accounts, chrome-pass has some special logic to be able to fill all information in the login page.
Password Store
├── signin.aws.amazon.com
│ ├── [email protected]
│ ├── [email protected]
│ ├── 183413992345
│ ├── 550312930456-username1
│ ├── 550312930456-username2
│ └── accountalias
signin.aws.amazon.com
that is the URL for login into
the console.pass edit ...
and add two
key/value pairs anywhere after the password line:
username=[IAM username]
account=[12 digit AWS account id or alias]
username
to fill the username field,
the account
to fill the account id field, and the decrypted password
to
fill the password field.The chrome-pass extension looks for any key/value pairs in the pass gpg files
and fills any HTML input field with ID equal to the key
with the corresponding
value
.
In addition, if the value
is set to the following special placeholder values,
they are replaced with:
pass__user
: Replaced with the [Username]
extracted from the last part of
the pass path.pass__password
: Replaced with the decrypted pass password.pass__otpauth
: Replaced with the pass-otp code if available.Note
The special placeholder keys have double underscore __
characters.
This allows chrome-pass to work with some non-standard login forms like the Apple Id login form. This login page lacks a form element and relies in javascript to work. Fortunately, the username and password HTML input fields have well-defined IDs that we can set in the chrome-pass file to let it work:
# chrome-pass for Apple ID login from.
account_name_text_field=pass__user
password_text_field=pass__password
Adding the above key/value pairs to the Apple account pass file will instruct
the chrome-pass extension to fill any HTML input field with id
account_name_text_field
with the username and any HTML input field with id
password_text_field
with the decrypted password.
This is for developers only or people that want to see the source code before trusting their passwords to some extension written by an unknown person.
Inside Chrome open the URL chrome://extensions, check the Developer mode and then load the path to the extension folder using the Load unpacked extension button. After the extension is loaded into Chrome take note of the extension ID.
Next we need to install the chrome_pass wrapper script and install the Native Host Application manifest:
cd application
pip install --upgrade setuptools build --user
python -m build
pip install . --user
chrome_pass install [extension ID]
Replace otpoauth
custom fields with pass__otpauth
in you pass files. The
otpoauth
custom field will be removed and won't work in future releases.
Native application and extension 0.5.1 are not compatible with previous version. Ensure both are 0.5.1 for them to work properly.
The nativePass
script has been renamed to chrome_pass
.
Version 0.5.0 of chrome-pass uses setuptools instead of distutils to package and install the native application. When installing you may get errors such as:
ERROR: Cannot uninstall 'chrome-pass'. It is a distutils installed project and
thus we cannot accurately determine which files belong to it which would lead
to only a partial uninstall.
In this situation is necessary to manually uninstall older versions of the package:
nativePass
script. Find it using which nativePass
.chrome_pass-0.X.0...
files and directories.If for some reason the extension is unable to get the list of usernames from your password store the most probable reasons are:
It has been found that the chrome_pass application is unable to decrypt the gpg passwords with some newer versions of python-gnupg. I can verify that the plugin works without issues when using gnupg module version 0.3.9 found by default in Ubuntu 16.04LTS.
See related issue for details at: Github.
If the plugin works when you launch chrome from within a terminal, but does not work when launched from Spotlight or any other launcher, then ensure the PATH environment variable is correctly set by the launcher.
See related issue for details at: Github