Today I’d like to show you my setup for integrate the pass password manager into the i3 desktop environment using a Bash script.

The script is designed to automatically fill in the user and password fields in login forms, and if a totp is present, it generates and copies the OTP code to the clipboard using the “oathtool” utility.


Before you begin, ensure the following tools are installed (e.g. on Debian-based Linux system using APT):

sudo apt-get install oathtool x11-tools xdotool libnotify-bin rofi pass

“pass” Configuration

Follow the official guide for configuring “pass,” including synchronization with Git. You can find the guide here.

“pass” Data Format:

The script relies on a specific data format within “pass” for storing credentials. Each password file should adhere to the following structure:

login: <login>                                                                                                                                                                                                       
url: <url>                                                                                                                                                                                                           
totp: <totp secret>                                                                                                                                                                                                  

The Bash Script

Here is the Bash script that integrates “pass” into the i3 desktop environment:


shopt -s nullglob globstar

# BETA - get current window name and use it to filter passwords list
wintit=$(xprop -id $(xdotool getactivewindow) | grep "WM_NAME" | tail -n1 | cut -d "\"" -f 2 | tr '[:upper:]' '[:lower:]' | cut -d " " -f 1)

# get all the saved password files
password_files=( "$prefix"/**/*.gpg )
password_files=( "${password_files[@]#"$prefix"/}" )
password_files=( "${password_files[@]%.gpg}" )

# shows a list of all password files and saves the selected one in a variable
password=$(printf '%s\n' "${password_files[@]}" | rofi -dmenu "$@" -filter "$wintit")
[[ -n $password ]] || exit

passshow=$(pass show $password)
passw=$(echo "$passshow" | head -n1 )
uname=$(echo "$passshow" | grep "login:" | cut -d " " -f 2)
totpsecret=$(echo "$passshow" | grep "totp:" | cut -d " " -f 2)

# xdotool types the username on the active field
xdotool type "$uname"
# type a TAB (for moving forward in browser input fields)
xdotool key Tab
# type the password in the active input
xdotool type "$passw"
xdotool key Tab

# if a totp is present, generate the code and copy it into clipboard
if [[ -n $totpsecret ]]; then
    totp=$(oathtool -b --totp $totpsecret)
    notify-send "OTP code $totp copied in clipboard!"
    echo "$totp" | xclip -sel clip

Explanation of the Script:

  • The script starts by extracting the active window name, which is used to filter the list of saved passwords.
  • It retrieves all saved password files, excluding the path and file extension, and displays them using “rofi.”
  • The selected password is then shown and parsed to extract the username, password, and, if available, the TOTP secret key.
  • Using “xdotool,” the script types the username, presses TAB to navigate through input fields, and types the password.
  • If a TOTP secret is present, the script generates the OTP code using “oathtool,” notifies the user, and copies the code to the clipboard.

Configuration in i3

To integrate the script with i3, save the script in ~/.local/bin/ and add the following line to your ~/.config/i3/config file:

bindsym $mod+Shift+p exec ~/.local/bin/

This configuration binds the script execution to a key combination ($mod+Shift+p). Adjust it according to your preferences.

Now, you have successfully integrated “pass” into your i3 desktop environment, providing a seamless and secure password management solution.