### SSH Agent Start Output Example Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Example output shown after successfully starting the SSH agent. ```text SSH agent started successfully! To use this agent, run: export SSH_AUTH_SOCK=/Users/youruser/.ssh/proton-pass-agent.sock Keys will refresh automatically every 3600 seconds. Press Ctrl+C to stop the agent. ``` -------------------------------- ### Manual Installation - Download versions.json Source: https://protonpass.github.io/pass-cli/get-started/installation Downloads the binary listing file for manual installation. ```bash https://proton.me/download/pass-cli/versions.json ``` -------------------------------- ### Complete example - process it Source: https://protonpass.github.io/pass-cli/commands/contents/inject Command to process the example template file. ```bash pass-cli inject --in-file config.yaml.template --out-file config.yaml ``` -------------------------------- ### Example Workflow for Auto-Creation Source: https://protonpass.github.io/pass-cli/commands/ssh-agent A step-by-step example demonstrating the workflow for starting the agent with auto-creation and adding a new SSH key. ```bash # Start the agent with auto-creation enabled pass-cli ssh-agent start --create-new-identities MySshKeysVault # In another terminal, export the socket path export SSH_AUTH_SOCK=$HOME/.ssh/proton-pass-agent.sock # Add a new SSH key ssh-add ~/.ssh/my_new_key # The key is now automatically stored in your Proton Pass vault! ``` -------------------------------- ### Create vault examples Source: https://protonpass.github.io/pass-cli/commands/vault Examples for creating vaults. ```bash # Create a personal vault pass-cli vault create --name "Personal Accounts" ``` ```bash # Create a work vault pass-cli vault create --name "Work Projects" ``` -------------------------------- ### Agent Instructions Example Source: https://protonpass.github.io/pass-cli/commands/agent Example of redirecting agent instructions to a file. ```bash pass-cli agent instructions > agent-instructions.md ``` -------------------------------- ### `pat list` example Source: https://protonpass.github.io/pass-cli/commands/personal-access-token Example output of listing personal access tokens. ```bash pass-cli pat list # - [abc123]: deploy-bot (expires: 2025-06-01) # - [def456]: staging-reader (expires: 2025-07-15) ``` -------------------------------- ### List vaults examples Source: https://protonpass.github.io/pass-cli/commands/vault Examples for listing vaults. ```bash # List vaults using default format (if configured) pass-cli vault list ``` ```bash # List vaults in human-readable format pass-cli vault list --output human ``` ```bash # List vaults in JSON format for scripting pass-cli vault list --output json ``` -------------------------------- ### Complete example - template file Source: https://protonpass.github.io/pass-cli/commands/contents/inject An example template file demonstrating secret references. ```yaml # config.yaml.template database: host: localhost port: 5432 username: {{ pass://Production/Database/username }} password: {{ pass://Production/Database/password }} api: key: {{ pass://Work/API Keys/api_key }} secret: {{ pass://Work/API Keys/secret }} # This comment with pass://fake/uri is ignored # Only {{ }} wrapped references are processed ``` -------------------------------- ### Complex example Source: https://protonpass.github.io/pass-cli/commands/contents/run A more complex example combining environment variable exports, multiple .env files, and running a Node.js server. ```bash #!/bin/bash # Set some environment variables export NODE_ENV=production export LOG_LEVEL=info # Run with secrets from .env files pass-cli run \ --env-file .env.production \ --env-file .env.secrets \ -- node server.js --port 3000 ``` -------------------------------- ### Quick Install - Windows Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI using the official installation script on Windows. ```powershell Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1; .\install.ps1 ``` -------------------------------- ### Development workflow example Source: https://protonpass.github.io/pass-cli/commands/test Using the `test` command in a development workflow to verify setup before starting work. ```bash # Verify setup before starting work pass-cli test && echo "Ready to work" ``` -------------------------------- ### Share vault examples Source: https://protonpass.github.io/pass-cli/commands/vault Examples for sharing vaults. ```bash # Share vault with viewer access (by Share ID) pass-cli vault share --share-id "abc123def" colleague@company.com ``` -------------------------------- ### Example: View account details Source: https://protonpass.github.io/pass-cli/commands/user A basic example to view account details. ```bash # View your account details pass-cli user info ``` -------------------------------- ### Start SSH Agent Daemon with Options Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Examples of starting the SSH agent daemon with various configuration options. ```bash pass-cli ssh-agent daemon start --vault-name MySshKeysVault ``` ```bash pass-cli ssh-agent daemon start --share-id MY_SHARE_ID ``` ```bash pass-cli ssh-agent daemon start --refresh-interval 7200 ``` ```bash pass-cli ssh-agent daemon start --create-new-identities MySshKeysVault ``` ```bash pass-cli ssh-agent daemon start --socket-path /tmp/my-agent.sock ``` -------------------------------- ### Manual Installation - Make executable Source: https://protonpass.github.io/pass-cli/get-started/installation Makes the downloaded binary executable on Unix systems. ```bash chmod +x pass-cli ``` -------------------------------- ### Vault member examples Source: https://protonpass.github.io/pass-cli/commands/vault Examples for managing vault members. ```bash # List vault members (by Share ID) pass-cli vault member list --share-id "abc123def" ``` ```bash # List vault members (by name) pass-cli vault member list --vault-name "Team Vault" ``` ```bash # List vault members (with json output) pass-cli vault member list --vault-name "Team Vault" --output=json ``` ```bash # Update member role pass-cli vault member update --share-id "abc123def" --member-share-id "member123" --role editor ``` ```bash # Remove a member pass-cli vault member remove --share-id "abc123def" --member-share-id "member123" ``` -------------------------------- ### Using .env files Source: https://protonpass.github.io/pass-cli/commands/contents/run Example of creating a .env file and running the command with it. ```bash DB_HOST=localhost DB_PORT=5432 DB_USERNAME=admin DB_PASSWORD=pass://Production/Database/password API_KEY=pass://Work/External API/api_key ``` ```bash pass-cli run --env-file .env -- ./my-app ``` -------------------------------- ### Example of using default format in commands Source: https://protonpass.github.io/pass-cli/commands/settings Demonstrates how commands behave after a default format is set. ```bash # After setting, commands use your preferred format: pass-cli item list # Outputs in JSON if you set json as default pass-cli item view "pass://MyVault/MyItem" # Uses your default format # You can still override on a per-command basis: pass-cli item list --output human # Forces human format regardless of default ``` -------------------------------- ### Import SSH Key Examples Source: https://protonpass.github.io/pass-cli/commands/item Examples demonstrating how to import SSH keys. ```bash # Import an unencrypted SSH key pass-cli item create ssh-key import \ --from-private-key ~/.ssh/id_ed25519 \ --share-id "abc123def" \ --title "My SSH Key" ``` ```bash # Import using vault name pass-cli item create ssh-key import \ --from-private-key ~/.ssh/id_rsa \ --vault-name "Personal Keys" \ --title "Old RSA Key" ``` ```bash # Import a passphrase-protected key (will prompt for passphrase) pass-cli item create ssh-key import \ --from-private-key ~/.ssh/id_ed25519 \ --share-id "abc123def" \ --title "Protected Key" \ --password ``` -------------------------------- ### Beta Channel Installation - Windows Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI from the beta channel on Windows. ```powershell Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1 $env:PROTON_PASS_CLI_INSTALL_CHANNEL="beta"; .\install.ps1 ``` -------------------------------- ### Update vault examples Source: https://protonpass.github.io/pass-cli/commands/vault Examples for updating vaults. ```bash # Rename a vault by Share ID pass-cli vault update --share-id "abc123def" --name "Updated Vault Name" ``` ```bash # Rename a vault by name pass-cli vault update --vault-name "Old Name" --name "New Name" ``` -------------------------------- ### Quick Install - macOS and Linux Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI using the official installation script on macOS and Linux. ```bash curl -fsSL https://proton.me/download/pass-cli/install.sh | bash ``` -------------------------------- ### Multiple env files Source: https://protonpass.github.io/pass-cli/commands/contents/run Example of using multiple .env files, demonstrating override order. ```bash pass-cli run \ --env-file base.env \ --env-file secrets.env \ --env-file local.env \ -- ./my-app ``` -------------------------------- ### Verify Installation - Windows Source: https://protonpass.github.io/pass-cli/get-started/installation Verifies the Proton Pass CLI installation on Windows. ```powershell pass-cli.exe --version ``` -------------------------------- ### `agent list` command syntax and example Source: https://protonpass.github.io/pass-cli/commands/agent Syntax for listing agents and an example of the human-readable output. ```bash pass-cli agent list [--output human|json] ``` ```bash pass-cli agent list # - [pat_abc123]: my-agent (expires: 2026-07-20) ``` -------------------------------- ### Example of using default vault in commands Source: https://protonpass.github.io/pass-cli/commands/settings Demonstrates how commands behave after a default vault is set. ```bash # After setting, you can omit vault parameters in commands: pass-cli item list # Lists items from your default vault pass-cli item create login --title "New Login" --username "user" # Creates in default vault ``` -------------------------------- ### CI/CD integration Source: https://protonpass.github.io/pass-cli/commands/contents/run Example script for CI/CD integration, loading production secrets. ```bash #!/bin/bash # CI/CD deployment script # Load production secrets pass-cli run \ --env-file .env.production \ -- ./deploy.sh ``` -------------------------------- ### Switch to beta track example Source: https://protonpass.github.io/pass-cli/commands/update An example demonstrating how to switch to the beta track and then update. ```bash # Set the track pass-cli update --set-track beta # Update track set to beta # Update to latest beta version pass-cli update # Update pass-cli v1.0.0 → v1.1.0-beta.1? [Y/n] ``` -------------------------------- ### `pat renew` example Source: https://protonpass.github.io/pass-cli/commands/personal-access-token Example of renewing a personal access token. ```bash pass-cli pat renew --personal-access-token-name "deploy-bot" --expiration 3m # PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY ``` -------------------------------- ### Custom PID file location example Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Example of starting, checking status, and stopping the daemon with custom PID and socket file locations. ```bash pass-cli ssh-agent daemon start --pid-file /tmp/my-agent.pid --socket-path /tmp/my-agent.sock pass-cli ssh-agent daemon status --pid-file /tmp/my-agent.pid pass-cli ssh-agent daemon stop --pid-file /tmp/my-agent.pid ``` -------------------------------- ### `agent create` command syntax and example Source: https://protonpass.github.io/pass-cli/commands/agent Syntax for creating a new agent and an example showing creation with multiple vaults. ```bash pass-cli agent create --expiration [--vault ] [--vault ]... ``` ```bash pass-cli agent create my-agent --expiration 3m --vault "Production" --vault "Staging" # { # "token": "PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY", # "instruction": "..." # } ``` -------------------------------- ### Beta Channel Installation - macOS and Linux Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI from the beta channel on macOS and Linux. ```bash export PROTON_PASS_CLI_INSTALL_CHANNEL=beta curl -fsSL https://proton.me/download/pass-cli/install.sh | bash # Or as a one-liner curl -fsSL https://proton.me/download/pass-cli/install.sh | PROTON_PASS_CLI_INSTALL_CHANNEL=beta bash ``` -------------------------------- ### See all resources shared with you Source: https://protonpass.github.io/pass-cli/commands/share Example command to see all resources shared with the current user. ```bash # See all resources shared with you pass-cli share list ``` -------------------------------- ### SSH Key Loading Summary Example Source: https://protonpass.github.io/pass-cli/commands/ssh-agent An example output showing the summary of SSH key loading status. ```text SSH Key Loading Summary: Successfully loaded: 0 Already loaded (skipped): 3 Total keys: 3 All keys were already present in the system SSH agent. You can verify with: ssh-add -l ``` -------------------------------- ### Accept an invitation example Source: https://protonpass.github.io/pass-cli/commands/invite Example of accepting an invitation with a specific token. ```bash # Accept an invitation pass-cli invite accept --invite-token "abc123def456" ``` -------------------------------- ### Verify Installation - macOS/Linux Source: https://protonpass.github.io/pass-cli/get-started/installation Verifies the Proton Pass CLI installation on macOS and Linux. ```bash pass-cli --version ``` -------------------------------- ### `pat create` example Source: https://protonpass.github.io/pass-cli/commands/personal-access-token Example of creating a personal access token. The output is ready to use as an environment variable. After creating the token, grant it access to the vaults or items it needs (see `pat access grant` below). ```bash pass-cli pat create --name "deploy-bot" --expiration 3m # PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY ``` -------------------------------- ### Delete vault examples Source: https://protonpass.github.io/pass-cli/commands/vault Examples for deleting vaults. ```bash # Delete a vault by Share ID (this also deletes all items in it!) pass-cli vault delete --share-id "abc123def" ``` ```bash # Delete a vault by name pass-cli vault delete --vault-name "Old Vault" ``` -------------------------------- ### Return to stable releases example Source: https://protonpass.github.io/pass-cli/commands/update An example showing how to switch back to the stable track and update. ```bash # Switch back to stable pass-cli update --set-track stable # Update track set to stable # Update to latest stable version pass-cli update # Update pass-cli v1.1.0-beta.1 → v1.0.5? [Y/n] ``` -------------------------------- ### List all shares in human-readable format Source: https://protonpass.github.io/pass-cli/commands/share Example of listing all shares in a human-readable format. ```bash # List all shares in human-readable format pass-cli share list ``` -------------------------------- ### Custom Installation Directory - Windows Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI to a custom directory on Windows. ```powershell Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1 $env:PROTON_PASS_CLI_INSTALL_DIR="C:\custom\path"; .\install.ps1 ``` -------------------------------- ### Agent Monitor Example Source: https://protonpass.github.io/pass-cli/commands/agent Example of monitoring an agent's audit log. ```bash pass-cli agent monitor my-agent # [record_001] action=ItemRead vault="Production" item="DB password" reason="Running nightly backup" (object_id=item_xyz) ``` -------------------------------- ### Generate SSH Key Examples Source: https://protonpass.github.io/pass-cli/commands/item Examples demonstrating various ways to generate SSH keys. ```bash # Generate using default vault (if configured) pass-cli item create ssh-key generate \ --title "GitHub Deploy Key" ``` ```bash # Generate an Ed25519 key (recommended) pass-cli item create ssh-key generate \ --share-id "abc123def" \ --title "GitHub Deploy Key" ``` ```bash # Generate an Ed25519 key using vault name pass-cli item create ssh-key generate \ --vault-name "Development Keys" \ --title "GitHub Deploy Key" ``` ```bash # Generate an RSA 4096 key with comment pass-cli item create ssh-key generate \ --share-id "abc123def" \ --title "Production Server" \ --key-type rsa4096 \ --comment "prod-server-deploy" ``` ```bash # Generate a passphrase-protected key pass-cli item create ssh-key generate \ --share-id "abc123def" \ --title "Secure Key" \ --password ``` ```bash # Generate with passphrase from environment variable PROTON_PASS_SSH_KEY_PASSWORD="my-passphrase" \ pass-cli item create ssh-key generate \ --share-id "abc123def" \ --title "Automated Key" \ --password ``` -------------------------------- ### `pat delete` example Source: https://protonpass.github.io/pass-cli/commands/personal-access-token Example of deleting a personal access token. ```bash pass-cli pat delete --personal-access-token-id abc123 ``` -------------------------------- ### Basic update example Source: https://protonpass.github.io/pass-cli/commands/update An example of a basic update process, including prompts and output. ```bash pass-cli update # Update pass-cli v1.0.0 → v1.1.0? [Y/n] # Downloading pass-cli v1.1.0... # Installing... # Updated to v1.1.0. ``` -------------------------------- ### Vault Operations Examples Source: https://protonpass.github.io/pass-cli/objects/vault Examples demonstrating how to create, list, and share vaults using the pass-cli. ```bash # Create a new vault for work items pass-cli vault create --name "Work Accounts" ``` ```bash # List all your vaults pass-cli vault list ``` ```bash # Share a vault with a colleague pass-cli vault share --share-id "abc123" colleague@company.com --role editor ``` -------------------------------- ### Set default output to JSON format Source: https://protonpass.github.io/pass-cli/commands/settings Example of setting the default output format to JSON. ```bash # Set default output to JSON format pass-cli settings set default-format json ``` -------------------------------- ### Agent Access Grant Examples Source: https://protonpass.github.io/pass-cli/commands/agent Examples of granting an agent read access to a whole vault or to a single item. ```bash # Grant read access to a whole vault pass-cli agent access grant my-agent --vault-name "Production" --role viewer # Grant access to a single item only pass-cli agent access grant my-agent --vault-name "Production" --item-title "DB password" ``` -------------------------------- ### Reject an invitation example Source: https://protonpass.github.io/pass-cli/commands/invite Example of rejecting an invitation with a specific token. ```bash # Reject an invitation pass-cli invite reject --invite-token "abc123def456" ``` -------------------------------- ### Interactive programs Source: https://protonpass.github.io/pass-cli/commands/contents/run Example showing that the command supports stdin/stdout/stderr forwarding for interactive programs. ```bash pass-cli run -- python ``` -------------------------------- ### Set default output to human-readable format Source: https://protonpass.github.io/pass-cli/commands/settings Example of setting the default output format to human-readable. ```bash # Set default output to human-readable format (default) pass-cli settings set default-format human ``` -------------------------------- ### Basic usage Source: https://protonpass.github.io/pass-cli/commands/contents/run Example of setting an environment variable with a secret reference and then running an application with the injected secret. ```bash # Set environment variable with secret reference export DB_PASSWORD='pass://Production/Database/password' # Run application with injected secret pass-cli run -- ./my-app ``` -------------------------------- ### View item in JSON format Source: https://protonpass.github.io/pass-cli/commands/contents/view Example of viewing an item's details in JSON output format. ```bash # View item in JSON format pass-cli item view --share-id "abc123def" --item-id "item456" --output json ``` -------------------------------- ### Quick overview of all shared resources Source: https://protonpass.github.io/pass-cli/commands/share Command to get a quick overview of all shared resources. ```bash # Quick overview of all shared resources pass-cli share list ``` -------------------------------- ### `agent delete` command syntax and example Source: https://protonpass.github.io/pass-cli/commands/agent Syntax for deleting an agent and an example command. ```bash pass-cli agent delete ``` ```bash pass-cli agent delete my-agent ``` -------------------------------- ### Install Pass CLI (Windows) Source: https://protonpass.github.io/pass-cli Commands to download and install the Proton Pass CLI on Windows systems. ```powershell Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1; .\install.ps1 ``` -------------------------------- ### Shell Completions - Fish (macOS and Linux) Source: https://protonpass.github.io/pass-cli/get-started/installation Generates and installs Fish completion script on macOS and Linux. ```bash mkdir -p ~/.config/fish/completions pass-cli completions fish > ~/.config/fish/completions/pass-cli.fish ``` -------------------------------- ### Troubleshooting example Source: https://protonpass.github.io/pass-cli/commands/test A step-by-step troubleshooting sequence using `test`, `info`, and `vault list` commands. ```bash # Step-by-step troubleshooting echo "Testing connection..." pass-cli test echo "Checking session info..." pass-cli info echo "Listing accessible vaults..." pass-cli vault list ``` -------------------------------- ### Example of explicit vault specification after unsetting Source: https://protonpass.github.io/pass-cli/commands/settings Demonstrates how commands require explicit vault specification after the default vault is unset. ```bash # After unsetting, you must specify vaults explicitly: pass-cli item list "Personal" ``` -------------------------------- ### Shell Completions - Zsh (macOS and Linux) Source: https://protonpass.github.io/pass-cli/get-started/installation Generates and installs Zsh completion script on macOS and Linux. ```bash mkdir -p ~/.zfunc pass-cli completions zsh > ~/.zfunc/_pass-cli If `~/.zfunc` is not in your `fpath`, add this to your `~/.zshrc`: fpath=(~/.zfunc $fpath) autoload -Uz compinit && compinit ``` -------------------------------- ### Set default vault by name Source: https://protonpass.github.io/pass-cli/commands/settings Example of setting the default vault using its name. ```bash # Set default vault by name pass-cli settings set default-vault --vault-name "Personal Vault" ``` -------------------------------- ### Running with arguments Source: https://protonpass.github.io/pass-cli/commands/contents/run Example of running a command with its own arguments after the `--` separator. ```bash pass-cli run -- ./my-app --config production --verbose ``` -------------------------------- ### View item using Pass URI Source: https://protonpass.github.io/pass-cli/commands/contents/view Example of viewing an item using a Pass URI. ```bash # View item using Pass URI pass-cli item view "pass://abc123def/item456" ``` -------------------------------- ### Shell Completions - Bash (macOS and Linux) Source: https://protonpass.github.io/pass-cli/get-started/installation Generates and installs Bash completion script on macOS and Linux. ```bash mkdir -p ~/.local/share/bash-completion/completions pass-cli completions bash > ~/.local/share/bash-completion/completions/pass-cli ``` -------------------------------- ### View item by IDs Source: https://protonpass.github.io/pass-cli/commands/contents/view Example of viewing an item using its share ID and item ID. ```bash # View item by IDs pass-cli item view --share-id "abc123def" --item-id "item456" ``` -------------------------------- ### List shares in JSON format for scripting Source: https://protonpass.github.io/pass-cli/commands/share Example of listing shares in JSON format for scripting purposes. ```bash # List shares in JSON format for scripting pass-cli share list --output json ``` -------------------------------- ### Example: Display user information in human-readable format Source: https://protonpass.github.io/pass-cli/commands/user Demonstrates how to view user information in a human-readable format. ```bash # Display user information in human-readable format pass-cli user info ``` -------------------------------- ### Install Pass CLI (Linux/macOS) Source: https://protonpass.github.io/pass-cli Command to download and install the Proton Pass CLI on Linux and macOS systems. ```bash curl -fsSL https://proton.me/download/pass-cli/install.sh | bash ``` -------------------------------- ### Managing invitation workflow Source: https://protonpass.github.io/pass-cli/commands/invite Example workflow for checking and accepting invitations. ```bash # Check for new invitations echo "=== Pending Invitations ===" pass-cli invite list # Accept specific invitations pass-cli invite accept --invite-token "vault_invite_123" ``` -------------------------------- ### Set default vault by share ID Source: https://protonpass.github.io/pass-cli/commands/settings Example of setting the default vault using its share ID. ```bash # Set default vault by share ID pass-cli settings set default-vault --share-id "3GqM1RhVZL8uXR_abc123" ``` -------------------------------- ### Interactive login with password prompt Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login where the user is prompted for their password. ```bash pass-cli login --interactive user@proton.me # You will be prompted: Enter password: ``` -------------------------------- ### View specific field using options Source: https://protonpass.github.io/pass-cli/commands/contents/view Example of viewing a specific field of an item using command options. ```bash # View specific field using options pass-cli item view --share-id "abc123def" --item-id "item456" --field "username" ``` -------------------------------- ### Example: Display user information in JSON format Source: https://protonpass.github.io/pass-cli/commands/user Demonstrates how to view user information in JSON format. ```bash # Display user information in JSON format pass-cli user info --output json ``` -------------------------------- ### Shell Completions Source: https://protonpass.github.io/pass-cli/get-started/installation Generates shell completion scripts for Proton Pass CLI. ```bash pass-cli completions ``` -------------------------------- ### Homebrew Installation - macOS and Linux Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI using Homebrew on macOS and Linux. ```bash brew install protonpass/tap/pass-cli ``` -------------------------------- ### View specific field using URI Source: https://protonpass.github.io/pass-cli/commands/contents/view Example of viewing a specific field of an item using a URI. ```bash # View specific field using URI pass-cli item view "pass://abc123def/item456/password" ``` -------------------------------- ### List invitations in JSON format Source: https://protonpass.github.io/pass-cli/commands/invite Example of listing invitations using JSON output format. ```bash pass-cli invite list --output json ``` -------------------------------- ### SSH Agent Debug Report Example Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Example output of the 'ssh-agent debug' command showing valid and invalid SSH keys. ```text SSH Agent Debug Report Vault: Personal Vault (share-id-123) ✓ Valid SSH Keys (2): • my-github-key Algorithm: Ed25519 Fingerprint: SHA256:abc123... • work-server Algorithm: RSA-4096 Fingerprint: SHA256:def456... ✗ Invalid Items (2): • old-encrypted-key (SshKey) Reason: SSH key is encrypted but no passphrase found in custom fields • my-gmail-login (Login) Reason: Not an SSH key item (type: Login) Summary: Valid SSH keys: 2 Invalid items: 2 Total items checked: 4 ``` -------------------------------- ### Custom Installation Directory - macOS and Linux Source: https://protonpass.github.io/pass-cli/get-started/installation Installs Proton Pass CLI to a custom directory on macOS and Linux. ```bash export PROTON_PASS_CLI_INSTALL_DIR=/custom/path curl -fsSL https://proton.me/download/pass-cli/install.sh | bash ``` -------------------------------- ### Synopsis Source: https://protonpass.github.io/pass-cli/commands/settings The main command for managing settings. ```bash pass-cli settings ``` -------------------------------- ### View item by vault name and item title Source: https://protonpass.github.io/pass-cli/commands/contents/view Example of viewing an item using its vault name and item title. ```bash # View item by vault name and item title pass-cli item view --vault-name "MyVault" --item-title "MyItem" ``` -------------------------------- ### Interactive login with TOTP prompt Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login where the user is prompted for their TOTP after the password. ```bash pass-cli login --interactive user@proton.me # Enter password: # Enter TOTP: ``` -------------------------------- ### Synopsis Source: https://protonpass.github.io/pass-cli/commands/contents/run The basic syntax for the run command. ```bash pass-cli run [--env-file FILE]... [--no-masking] -- COMMAND [ARGS...] ``` -------------------------------- ### Interactive login via TOTP file Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login using a TOTP stored in a file, referenced by an environment variable. ```bash echo '123456' > /secure/totp.txt export PROTON_PASS_TOTP_FILE='/secure/totp.txt' pass-cli login --interactive user@proton.me ``` -------------------------------- ### Basic information display Source: https://protonpass.github.io/pass-cli/commands/info Example of displaying basic user information after running the `info` command. ```bash pass-cli info - Release track: stable - ID: YOUR_USER_ID - Username: your-username - Email: youruser@proton.me ``` -------------------------------- ### Typical workflow for creating and monitoring an agent Source: https://protonpass.github.io/pass-cli/commands/agent Demonstrates the user-side steps for logging in, creating an agent, and monitoring its activity, alongside the AI agent's steps for logging in and performing an operation. ```bash # 1. Log in with your account pass-cli login # 2. Create an agent valid for 1 month, with access to a specific vault pass-cli agent create my-agent --expiration 1m --vault "Production" # Output (JSON) which you can send to your AI agent: # { # "token": "PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY", # "instruction": "..." # } # The AI agent performs some operations... # 3. Inspect the audit log as the account owner pass-cli agent monitor my-agent ``` ```bash # The user will send the output to the agent and it should log in like this: # 1. Optionally use a separate session directory to avoid overwriting an existing session export PROTON_PASS_SESSION_DIR="/tmp/pass-agent-my-agent" # 2. Check whether an existing session is already valid before logging in or log in pass-cli info 2>/dev/null || PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY pass-cli login # 3. Read a secret, passing the reason inline PROTON_PASS_AGENT_REASON="Running nightly backup" pass-cli agent item view \ --vault-name "Production" \ --item-name "DB password" \ --field password ``` -------------------------------- ### Interactive login via TOTP environment variable Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login using a TOTP stored in an environment variable. ```bash export PROTON_PASS_TOTP='123456' pass-cli login --interactive user@proton.me ``` -------------------------------- ### Interactive login via password environment variable Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login using a password stored in an environment variable. ```bash export PROTON_PASS_PASSWORD='your-password' pass-cli login --interactive user@proton.me ``` -------------------------------- ### Interactive login with extra password prompt Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login where the user is prompted for an extra password after password and TOTP. ```bash pass-cli login --interactive user@proton.me # Enter password: # (Optional) Enter TOTP: # Enter Pass extra password: ``` -------------------------------- ### Interactive login via password file Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login using a password stored in a file, referenced by an environment variable. ```bash echo 'your-password' > /secure/password.txt export PROTON_PASS_PASSWORD_FILE='/secure/password.txt' pass-cli login --interactive user@proton.me ``` -------------------------------- ### Examples for creating login items Source: https://protonpass.github.io/pass-cli/commands/item Illustrates different methods for creating login items, from basic creation with details to using generated passwords, templates, and specifying vaults by name or share ID. ```bash # Create using default vault (if configured) pass-cli item create login \ --title "GitHub Account" \ --username "myuser" \ --password "mypassword" \ --url "https://github.com" # Create a basic login item using share ID pass-cli item create login \ --share-id "abc123def" \ --title "GitHub Account" \ --username "myuser" \ --password "mypassword" \ --url "https://github.com" # Create a basic login item using vault name pass-cli item create login \ --vault-name "Personal" \ --title "GitHub Account" \ --username "myuser" \ --password "mypassword" \ --url "https://github.com" # Create login with generated password pass-cli item create login \ --share-id "abc123def" \ --title "New Account" \ --username "myuser" \ --generate-password \ --url "https://example.com" # Create login with custom password generation pass-cli item create login \ --vault-name "Work" \ --title "Secure Account" \ --username "myuser" \ --generate-password="20,uppercase,symbols" \ --url "https://example.com" # Get login template structure pass-cli item create login --get-template > template.json # Create from template file using share ID pass-cli item create login --from-template template.json --share-id "abc123def" # Create from template file using vault name pass-cli item create login --from-template template.json --vault-name "Personal" # Create from stdin template echo '{"title":"Test Login","username":"user","password":"pass","urls":["https://test.com"]}' | \ pass-cli item create login --share-id "abc123def" --from-template - ``` -------------------------------- ### Agent Access Revoke Example Source: https://protonpass.github.io/pass-cli/commands/agent Example of revoking an agent's access to a vault. ```bash pass-cli agent access revoke my-agent --share-id ``` -------------------------------- ### Create a new login item Source: https://protonpass.github.io/pass-cli/objects/item Example of creating a new login item with specified details. ```bash # Create a new login item pass-cli item create login \ --share-id "vault123" \ --title "GitHub Account" \ --username "myuser" \ --password "mypassword" \ --url "https://github.com" ``` -------------------------------- ### View Item using Pass URI Source: https://protonpass.github.io/pass-cli/commands/item Example of viewing an item using its Pass URI. ```bash # View item using Pass URI pass-cli item view "pass://abc123def/item456" ``` -------------------------------- ### View Item in JSON Format Source: https://protonpass.github.io/pass-cli/commands/item Example of viewing an item's details in JSON output format. ```bash # View item in JSON format pass-cli item view --share-id "abc123def" --item-id "item456" --output json ``` -------------------------------- ### View Item by Share ID and Item ID Source: https://protonpass.github.io/pass-cli/commands/item Example of viewing an item by specifying both the share ID and the item ID. ```bash # View item by IDs pass-cli item view --share-id "abc123def" --item-id "item456" ``` -------------------------------- ### Interactive login via extra password environment variable Source: https://protonpass.github.io/pass-cli/commands/login Example of interactive login using an extra password stored in an environment variable. ```bash export PROTON_PASS_EXTRA_PASSWORD='your-extra-password' pass-cli login --interactive user@proton.me ``` -------------------------------- ### Examples for item list Source: https://protonpass.github.io/pass-cli/commands/item Demonstrates various ways to list items, including using default settings, specific vaults by name or share ID, and different output formats. ```bash # List items using default vault and format (requires settings configured) pass-cli item list # List items in a specific vault by name pass-cli item list "Personal Vault" # List items in a specific vault by share ID pass-cli item list --share-id "abc123def" # List items in JSON format pass-cli item list --output json # Using default vault but override format pass-cli item list --output human ``` -------------------------------- ### Update without confirmation example Source: https://protonpass.github.io/pass-cli/commands/update An example of updating without confirmation prompts. ```bash pass-cli update --yes # Downloading pass-cli v1.1.0... # Installing... # Updated to v1.1.0. ``` -------------------------------- ### Start SSH Agent Source: https://protonpass.github.io/pass-cli/commands/ssh-agent This command starts an SSH agent if one is not already running. ```bash eval $(ssh-agent) ``` -------------------------------- ### Synopsis Source: https://protonpass.github.io/pass-cli/commands/login The `login` command can be used with or without flags for authentication. ```bash pass-cli login [--interactive] pass-cli login --personal-access-token ``` -------------------------------- ### `agent renew` command syntax and example Source: https://protonpass.github.io/pass-cli/commands/agent Syntax for renewing an agent's token and an example showing JSON output. ```bash pass-cli agent renew --expiration [--output human|json] ``` ```bash pass-cli agent renew my-agent --expiration 3m # { # "token": "PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::NEWTOKEN", # "instruction": "..." # } ``` -------------------------------- ### Reading Credentials from Files Source: https://protonpass.github.io/pass-cli/commands/login Demonstrates how to store a password in a secure file and configure the CLI to read it using an environment variable. ```bash # Store password in a secure file echo "your_password" > ~/.proton-pass-password chmod 600 ~/.proton-pass-password # Configure environment export PROTON_PASS_PASSWORD_FILE="$HOME/.proton-pass-password" pass-cli login --interactive alice@proton.me ``` -------------------------------- ### Start SSH Agent Daemon Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Command to start the Proton Pass SSH agent as a background daemon. ```bash pass-cli ssh-agent daemon start ``` -------------------------------- ### Basic syntax Source: https://protonpass.github.io/pass-cli/commands/contents/run Environment variables can reference secrets using `pass://` URIs. ```bash VARIABLE_NAME="pass://vault-name/item-name/field-name" ``` -------------------------------- ### Automated monitoring example Source: https://protonpass.github.io/pass-cli/commands/test A cron job example for automated monitoring of the CLI health using the `test` command. ```bash # Cron job to monitor CLI health 0 * * * * /usr/local/bin/pass-cli test || echo "Pass CLI authentication expired" | mail -s "Alert" admin@company.com ``` -------------------------------- ### View all current user settings Source: https://protonpass.github.io/pass-cli/commands/settings Displays all configured settings along with their current values. Settings that have not been set will show their default values. ```bash pass-cli settings view ``` -------------------------------- ### Authentication required example Source: https://protonpass.github.io/pass-cli/commands/test Example output when the `test` command is run without authentication, indicating the need to log in. ```bash pass-cli test # Error: This operation requires an authenticated client ``` -------------------------------- ### Start SSH agent with debug logs (Windows) Source: https://protonpass.github.io/pass-cli/help/troubleshoot Command to start the SSH agent with debug logging enabled on Windows. ```powershell $env:PASS_LOG_LEVEL="debug"; pass-cli ssh-agent start --vault-name YOUR_VAULT_NAME ``` -------------------------------- ### Start SSH Agent with Custom Refresh Interval Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Command to start the SSH agent and configure the key refresh interval. ```bash pass-cli ssh-agent start --refresh-interval 7200 # Every 2 hours, 7200 seconds ``` -------------------------------- ### Start SSH agent with debug logs (macOS/Linux) Source: https://protonpass.github.io/pass-cli/help/troubleshoot Command to start the SSH agent with debug logging enabled on macOS and Linux. ```bash PASS_LOG_LEVEL=debug pass-cli ssh-agent start --vault-name YOUR_VAULT_NAME ``` -------------------------------- ### Synopsis Source: https://protonpass.github.io/pass-cli/commands/personal-access-token The namespace can be specified as either `personal-access-token` or its shorthand `pat`; both behave identically. ```bash pass-cli pat # Or pass-cli personal-access-token ``` -------------------------------- ### Start SSH Agent Daemon with Log File Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Command to start the SSH agent daemon and capture its output to a log file. ```bash pass-cli ssh-agent daemon start --log-file ~/.ssh/proton-pass-agent.log ``` -------------------------------- ### Typical workflow for setting up a CI runner token Source: https://protonpass.github.io/pass-cli/commands/personal-access-token A step-by-step guide to create a personal access token, grant it specific vault access, and use it to log in to the CLI for CI/CD pipelines. ```bash # 1. Create a token valid for 3 months pass-cli pat create --name "ci-runner" --expiration 3m # PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY # 2. Grant it read-only access to the vault it needs pass-cli pat access grant --pat-name "ci-runner" --vault-name "CI Secrets" --role viewer # 3. Store the token in your CI secrets and use it to log in PROTON_PASS_PERSONAL_ACCESS_TOKEN=pst_xxxx...xxxx::TOKENKEY pass-cli login ``` -------------------------------- ### Start SSH Agent with Custom Socket Path Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Command to start the SSH agent and specify a custom path for the Unix socket. ```bash pass-cli ssh-agent start --socket-path MY_CUSTOM_SOCKET_PATH ``` -------------------------------- ### Start SSH Agent with Vault Restriction Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Commands to start the SSH agent while restricting vaults by share ID or vault name. ```bash pass-cli ssh-agent start --share-id MY_SHARE_ID ``` ```bash pass-cli ssh-agent start --vault-name MySshKeysVault ``` -------------------------------- ### Example of forcing ssh-copy-id to use password authentication Source: https://protonpass.github.io/pass-cli/commands/ssh-agent A complete example of the command to force ssh-copy-id to use password authentication, specifying a custom port. ```bash ssh-copy-id -o PreferredAuthentications=password -o PubkeyAuthentication=no -p 2222 user@server ``` -------------------------------- ### Linux (systemd) service file and commands Source: https://protonpass.github.io/pass-cli/commands/ssh-agent Configuration for systemd to automatically start the Proton Pass SSH agent on login, and commands to enable and start the service. ```ini [Unit] Description=Proton Pass SSH Agent [Service] ExecStart=/home/youruser/.local/bin/pass-cli ssh-agent start --socket-path %h/.ssh/proton-pass-agent.sock Restart=on-failure [Install] WantedBy=default.target ``` ```bash systemctl --user enable --now proton-pass-ssh-agent.service ``` -------------------------------- ### Command Usage Source: https://protonpass.github.io/pass-cli/commands/contents/view The basic syntax for the `view` command. ```bash pass-cli item view [OPTIONS] [URI] ``` -------------------------------- ### Set a user preference value Source: https://protonpass.github.io/pass-cli/commands/settings The command to set a user preference value. ```bash pass-cli settings set ``` -------------------------------- ### Referencing by ID Source: https://protonpass.github.io/pass-cli/commands/contents/secret-references Examples of referencing vaults and items by their IDs. ```plaintext pass://AbCdEf123456/XyZ789/password pass://ShareId123/ItemId456/api_key ``` -------------------------------- ### Referencing by Name Source: https://protonpass.github.io/pass-cli/commands/contents/secret-references Examples of referencing vaults and items by their names. ```plaintext pass://Work/GitHub Account/password pass://Personal/Email Login/username ``` -------------------------------- ### Secret masking Source: https://protonpass.github.io/pass-cli/commands/contents/run Demonstrates the default secret masking behavior and how to disable it. ```bash pass-cli run -- ./my-app # If the app logs: API_KEY: sk_live_abc123 # Output shows: API_KEY: ``` ```bash pass-cli run --no-masking -- ./my-app ``` -------------------------------- ### Overriding default output format Source: https://protonpass.github.io/pass-cli/commands/settings Demonstrates setting the default output format to JSON and overriding it to human format for a specific command. ```bash # Same for output format pass-cli settings set default-format json pass-cli item list --output human # Override to human format ``` -------------------------------- ### Overriding default vault Source: https://protonpass.github.io/pass-cli/commands/settings Shows how to set the default vault and how to explicitly specify a vault for operations. ```bash # Even with a default vault set pass-cli settings set default-vault --vault-name "Personal" # You can still work with other vaults explicitly pass-cli item list --vault-name "Work" pass-cli item create login --share-id "abc123" --title "Item" ``` -------------------------------- ### Synopsis Source: https://protonpass.github.io/pass-cli/commands/invite The basic syntax for the `invite` command. ```bash pass-cli invite ``` -------------------------------- ### Providing a reason for an agent operation Source: https://protonpass.github.io/pass-cli/commands/agent Example of setting the PROTON_PASS_AGENT_REASON environment variable before viewing an item. ```bash PROTON_PASS_AGENT_REASON="Running nightly backup" pass-cli item view \ --vault-name "Production" \ --item-name "DB password" \ --field password ``` -------------------------------- ### `pat create` command Source: https://protonpass.github.io/pass-cli/commands/personal-access-token Creates a new personal access token. The token is printed immediately after creation. **This is the only time the full token value is shown, so make sure to save it somewhere safe**. ```bash pass-cli pat create --name --expiration [--output human|json] ``` -------------------------------- ### Basic syntax Source: https://protonpass.github.io/pass-cli/commands/contents/inject The basic syntax for secret references in template files. ```bash {{ pass://vault/item/field }} ``` -------------------------------- ### Transfer vault ownership by name Source: https://protonpass.github.io/pass-cli/commands/vault Example of transferring vault ownership using the vault's name. ```bash pass-cli vault transfer --vault-name "My Vault" "member_share_id_xyz" ``` -------------------------------- ### Share vault with manager access Source: https://protonpass.github.io/pass-cli/commands/vault Example of sharing a vault with manager access using its share ID. ```bash pass-cli vault share --share-id "abc123def" colleague@company.com --role manager ``` -------------------------------- ### Share vault with editor access (by name) Source: https://protonpass.github.io/pass-cli/commands/vault Example of sharing a vault with editor access using its name. ```bash pass-cli vault share --vault-name "Team Vault" colleague@company.com --role editor ``` -------------------------------- ### Custom Field References Source: https://protonpass.github.io/pass-cli/commands/contents/secret-references Examples of referencing custom fields within items. ```plaintext pass://Work/API Keys/api_key pass://Production/Database/connection_string pass://Services/Stripe/secret_key ``` -------------------------------- ### Synopsis Source: https://protonpass.github.io/pass-cli/commands/test The basic syntax for the `test` command. ```bash pass-cli test ```