My young split-pass implementation

Hey everyone!

I just wanted to drop you a note about my young split-pass implementation at https://github.com/mtdcr/qvm-pass. I tried to stay as close as possible to the original pass and even the usage info gets relayed through Qrexec. The pass git command is disallowed by default, though, because it allows passing command-line arguments directly to Git.

Contrary to qubes-pass, this implementation does not share password stores between qubes (but you can emulate this by creating a symlink from one qube’s store to another).

I’m interested in any kind of review and feedback, since I believe I am the only user of it right now. Don’t hesitate to submit issues or pull requests on GitHub if you’re interested.

Obviously I may have overlooked some issues, e.g. places where additional input validation might be required. Therefore please use it with extra caution!

Feature-wise, I think it’s pretty much complete, at least when compared to the version of pass included in Debian 11, including copy-to-clipboard and printing QR codes. I haven’t tested other versions yet.

I recommend using it together with a split-gpg setup and combining it with a restrictive qubes-rpc policy.

Have fun!

4 Likes

Hi @mtdcr, welcome to the Community! Thank you for contributing to Qubes. I believe this post deserves its own topic, just moved.

2 Likes

What features are necessary in qubes-pass so that you don’t need to maintain your own implementation? I’d be happy to add them.

@Rudd-O: Feature-wise, I’d like to see the same command-line interface implemented by pass itself, but stability and reliability are even more important from my point of view, and of course a maintainable code base.

I’ve been using this implementation for months without noticing any recent issues. I don’t think I’ll ever return.