Short answer: pass stores everything in ~/.password-store/, encrypted with GPG.
If you don’t copy your GPG key, the passwords will be useless after reinstall.
Here’s the full, no-BS explanation 👇
pass saves passwordspass is just a fancy wrapper around:
~/.password-store/
Inside that directory you’ll see files like:
email/gmail.gpg
email/protonmail.gpg
mutt/imap.gpg
Each file is GPG-encrypted. So copying only the files is not enough.
pass encrypts using your GPG private key, usually stored in:
~/.gnupg/
If you reinstall Arch without this key, pass will say:
decryption failed: No secret key
So you MUST back up both:
~/.password-store/List your key first:
gpg --list-secret-keys --keyid-format=long
You’ll see something like:
sec rsa4096/ABCDEF1234567890
Export it:
gpg --export-secret-keys ABCDEF1234567890 > privatekey.gpg
gpg --export ABCDEF1234567890 > publickey.gpg
⚠️ Keep privatekey.gpg secret (USB, encrypted drive, etc.)
cp -r ~/.password-store ~/password-store-backup
(Optional but smart)
tar czvf pass-backup.tar.gz ~/.password-store privatekey.gpg publickey.gpg
cp -r password-store-backup ~/.password-store
gpg --import privatekey.gpg
gpg --import publickey.gpg
gpg --edit-key YOURKEYID
trust
5
quit
pass ls
pass show email/gmail
If it decrypts → you’re golden 💪
mutt-wizard uses pass directly, usually paths like:
pass email/accountname
pass mutt/accountname
So restoring pass = restoring mutt, isync, msmtp, etc.
No re-entering passwords. No pain.
✅ Copy ~/.password-store/
✅ Export and keep your GPG private key
❌ Don’t reinstall without it
💀 Otherwise passwords are gone forever