QtPass 1.5.1

Password management for everyone

QtPass is part of the pass ecosystem - the standard UNIX password manager. Your passwords are encrypted with GPG and can be synced across all your devices using Git.

Unlike many password managers, QtPass isn't tied to one platform or cloud service. Use it alongside other pass-compatible clients on mobile, CLI, or browser.

Supports smartcards and YubiKeys for extra security - your private keys never leave the device.

Features

• Works with pass - no vendor lock-in
• Cross-platform: Linux, macOS, Windows, FreeBSD
• Native look and feel on each platform
• Secure password generation
• Git sync for easy backup and sharing
• Per-folder encryption keys
• Smartcard and YubiKey support
• Clipboard with auto-clear
• Shoulder surfing protection
• Available in 20+ languages
• And more...

Installation

New to QtPass? Follow the getting started guide.

Linux

Arch

pacman -S qtpass

OpenSUSE & Fedora

yum install qtpass

dnf install qtpass

Debian, Ubuntu and derivates like Kali & Raspbian

apt-get install qtpass

Gentoo

emerge -atv qtpass

FreeBSD

pkg install qtpass

cd /usr/ports/sysutils/qtpass/ && make install clean

More options

Windows

Latest stable on the releases page, latest build via AppVeyor.

choco install qtpass

macOS

Latest stable on the releases page.

brew install qtpass --cask

Build from source

• QtPass requires Qt 5.15 or later (Qt 6 recommended)
• Requires gpg2 and optionally git

Build on Linux/BSD:

qmake && make && make install

Build on macOS:

brew install qt
qmake && make && macdeployqt QtPass.app

Security

QtPass uses GPG encryption - your passwords are never stored in plain text. Using a smartcard or YubiKey keeps your private keys secure even if your computer is compromised.

Your password store syncs via Git, so you control where it's hosted and always have a backup. Per-folder encryption lets you share passwords securely with family or team members.

For detailed security analysis, see the whitepaper.

Contributing

QtPass is open source. Contributions are welcome!

• Developer guide
• Report bugs or request features
• Help translate QtPass

Known issues

• Filtering (searching) breaks the tree/model sometimes.

Insecure Password Generation prior to 1.2.1

All passwords generated with QtPass' built-in password generator prior to 1.2.1 are possibly predictable and enumerable by hackers.
The generator used libc's random(), seeded with srand(msecs), where msecs is not the msecs since 1970 (not that that'd be secure anyway), but rather the msecs since the last second. This means there are only 1000 different sequences of generated passwords.

Read more about this issue on Github.
Please note that this is an issue with the QtPass GUI and not in pass or the greater password-store ecosystem.

We advice to update to 1.2.1 or later as soon as possible and change any password you may have generated with the QtPass' password generator.

FAQ

Can't save a password

• Is folder initialised? Easiest way is to use the [Users] button and make sure you can encrypt for someone (eg. yourself)
• Are you using git? If not, make sure it is switched off.

I have an issue with GNOME keyring

• Disable GNOME keyring or configure gpg-agent properly
• Create a ~/.gnupg/gpg-agent.conf containing:

enable-ssh-support
write-env-file
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200

See the pass FAQ for more troubleshooting tips.

Can I import from KeePass, LastPass or X?

• Yes, check passwordstore.org/#migration for more info.

More questions?

• Check the FAQ
• Read the security whitepaper
• Email us

Changelog

• Current changelog
• v1.5 release notes
• v1.4 release notes
• v1.3 release notes