A browser extension for Chrome, Edge, Chromium, and Firefox that integrates the pass standard Unix password manager.
- Manage your pass password store from your browser
- Create / update / delete entries
- Auto-suggest passwords based on the current URL
- Support for TOTP/OTP codes (requires pass-otp)
- Integrated password generator
- Sync the store with git
- Secure architecture with native messaging
- Cross-platform: Linux, macOS, Windows (where pass is available)
Suggestions for the current URL
Browser Extension ←→ Native Messaging ←→ Python Host ←→ pass CLI
(Sandboxed) (JSON/stdio) (Native) (GPG)
The extension communicates with a native Python script that executes pass commands. This approach ensures:
- Security: Extension runs in browser sandbox
- Compatibility: Works with standard
passinstallation - No network access required
- No telemetry or tracking
- pass password manager installed and configured
- Python 3.6 or later
- Chrome, Chromium, Edge, or Firefox browser
- pass-otp for OTP/2FA support
- git (for syncing password store)
git clone https://github.com/yourusername/pass-browser.git
cd pass-browsermacOS/Linux:
cd native-host
./install.shWindows:
cd native-host
install.batThis will:
- Install the Python host script to
~/.local/share/pass-browser/ - Install the native messaging manifest for Chrome/Edge
-
Open your browser's extensions page:
- Chrome:
chrome://extensions/ - Edge:
edge://extensions/ - Chromium:
chromium://extensions/
- Chrome:
-
Enable Developer mode (toggle in top-right corner)
-
Click Load unpacked
-
Select the
extensionfolder from this repository -
Note the Extension ID (something like
abcdefghijklmnopqrstuvwxyz123456)
Edit the native messaging manifest file and replace EXTENSION_ID with your actual extension ID from step 3:
macOS:
# For Chrome:
nano ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/de.zisoft.pass_browser.json
# For Edge:
nano ~/Library/Application\ Support/Microsoft\ Edge/NativeMessagingHosts/de.zisoft.pass_browser.jsonLinux:
# For Chrome:
nano ~/.config/google-chrome/NativeMessagingHosts/de.zisoft.pass_browser.json
# For Edge:
nano ~/.config/microsoft-edge/NativeMessagingHosts/de.zisoft.pass_browser.jsonWindows:
# For Chrome:
notepad %LOCALAPPDATA%\Google\Chrome\User Data\NativeMessagingHosts\de.zisoft.pass_browser.json
# For Edge:
notepad %LOCALAPPDATA%\Microsoft\Edge\User Data\NativeMessagingHosts\de.zisoft.pass_browser.jsonChange this line:
"chrome-extension://EXTENSION_ID/"To your actual extension ID:
"chrome-extension://abcdefghijklmnopqrstuvwxyz123456/"After updating the manifest, completely restart your browser for the changes to take effect.
- Make sure you have a configured password store at
~/.password-store - Click the pass-browser extension icon in your browser toolbar
- The extension will load your password entries
- Navigate to a website
- Click the extension icon
- Select a password entry from the list
- Click to autofill or use the autofill button
The extension will:
- Show suggested passwords based on the URL
- Autofill username and password fields
- Handle OTP codes if configured
- Copy credentials to clipboard
- Enter: Autofill the selected entry
- Arrow keys: Navigate entries
- Type to search: Filter entries
- Click the + button in the extension popup
- Fill in the details (title, password, username, URL)
- Use the password generator if needed
- Click Save
- Click the edit icon next to an entry
- Modify the fields
- Click Save
Click the sync icon in the extension to pull and push changes to your git remote.
The extension suggests passwords based on:
- Exact hostname matches
- Subdomain matches
- URL fields in password entries
For quick access, a URLIndexCache.json file is created in cache directory ~/.cache/pass-safari. On the first run this may take some time, so please be patient. On subsequent runs only the changed entries are used to update the cache file, which is much faster. All fields from the password entries starting with one of:
urlwebsitesite
are stored in the cache. So you can easily use multiple URLs in one password entry like url:, url2:, etc.
If you have pass-otp installed, the extension will automatically detect and display OTP codes.
Add OTP to an entry:
pass otp append example.comThe extension will:
- Display the current OTP code
- Auto-refresh codes every 30 seconds (for TOTP)
- Autofill OTP fields in web forms
-
Check if the native host is installed:
ls ~/.local/share/pass-browser/pass_browser_host.py -
Check if Python is working:
python3 --version
-
Check the manifest file exists and has correct path:
macOS/Linux:
cat ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/de.zisoft.pass_browser.json # or cat ~/.config/google-chrome/NativeMessagingHosts/de.zisoft.pass_browser.json
-
Check browser console for errors:
- Right-click extension icon → Inspect popup
- Check Console tab for error messages
-
Check native host logs:
The native host logs to stderr. To see logs:
Test the host manually:
echo '{"command":"listEntries","pageURL":""}' | python3 ~/.local/share/pass-browser/pass_browser_host.py
Make sure pass is in your PATH:
which passThe native host looks in these locations:
/opt/homebrew/bin/pass(macOS with Homebrew)/usr/local/bin/pass/usr/bin/pass/bin/pass- Or via
PATH
-
Check your password store:
pass ls
-
Make sure
PASSWORD_STORE_DIRis correct (default:~/.password-store) -
Check permissions:
ls -la ~/.password-store
-
Make sure pass-otp is installed:
pass otp --version
-
Check if OTP is configured for the entry:
pass otp uri example.com
pass-browser/
├── extension/ # Browser extension
│ ├── manifest.json # Extension manifest
│ ├── popup.html # Popup UI
│ ├── popup.js # Popup logic
│ ├── popup.css # Popup styles
│ ├── background.js # Background service worker
│ ├── content.js # Content script for autofill
│ └── images/ # Icons
├── native-host/ # Native messaging host
│ ├── pass_browser_host.py # Main host script
│ ├── de.zisoft.pass_browser.json # Manifest (Unix)
│ ├── de.zisoft.pass_browser.windows.json # Manifest (Windows)
│ ├── install.sh # Install script (Unix)
│ └── install.bat # Install script (Windows)
└── README.md
-
Test the native host directly:
python3 native-host/pass_browser_host.py
Then type a JSON message:
{"command":"listEntries","pageURL":""}Press Ctrl+D to send EOF.
-
Check browser console:
- Right-click extension icon → Inspect popup
- Check for JavaScript errors
-
Check background page:
- Go to
chrome://extensions/ - Click "Service worker" under your extension
- Check console for errors
- Go to
After making changes to the extension:
- Go to
chrome://extensions/ - Click the refresh icon on your extension card
- Test the changes
After changing the Python script:
- Test it directly (see Testing above)
- No need to reinstall
- Just restart the browser to reload the connection
- Extension runs in browser sandbox
- No network access required
- No telemetry or tracking
- Native messaging is restricted to specific extension ID
- All password operations go through native
passexecutable - GPG encryption handled by
pass
Note: The extension requires nativeMessaging permission to communicate with the Python host, which in turn executes pass commands.
MIT — see LICENSE.
- Built for pass by Jason A. Donenfeld
- Password generator by Dania Usman
The extension works in Firefox with a different manifest file!
Firefox requires Manifest v2 (doesn't fully support v3 yet):
browser_actioninstead ofactionbackground.scriptsinstead ofbackground.service_workerpermissionsincludes<all_urls>(no separatehost_permissions)- Added
browser_specific_settings.geckofor Firefox Add-ons - Extension ID:
pass-browser@zisoft.de
Good news: The extension code is already compatible! It uses the browser API which works in both Firefox and Chrome/Edge.
Same as Chrome/Edge (includes Firefox support):
cd native-host
./install.shThis installs the native messaging manifest to:
- macOS:
~/Library/Application Support/Mozilla/NativeMessagingHosts/ - Linux:
~/.mozilla/native-messaging-hosts/
Copy the Firefox manifest into the extension directory:
cp manifest-firefox.json extension/manifest.jsonImportant: This overwrites the Chrome/Edge manifest. If you need both browsers:
- Keep separate copies of the extension directory, or
- Swap the manifest files as needed, or
- Load from different directories
For Testing (Temporary):
- Open Firefox
- Navigate to
about:debugging - Click "This Firefox"
- Click "Load Temporary Add-on..."
- Select
manifest.jsonfrom theextensiondirectory - Extension ID will be
pass-browser@zisoft.de
Note: Temporary extensions are removed when Firefox closes.
For Permanent Installation:
You need to sign the extension via Mozilla Add-ons (AMO) or use Firefox Developer Edition/Nightly with xpinstall.signatures.required set to false.
- Click the extension icon
- Your password entries should load
- Navigate to a website with saved passwords
- Badge should show number of suggestions
The native messaging manifest for Firefox uses allowed_extensions instead of allowed_origins:
{
"name": "de.zisoft.pass_browser",
"description": "Pass Browser Native Host",
"path": "/path/to/pass_browser_host.py",
"type": "stdio",
"allowed_extensions": [ "pass-browser@zisoft.de" ]
}The install.sh script already creates both versions automatically.
- Minimum Firefox Version: 109.0
- Works with: Same Python host as Chrome/Edge
- Same features: All functionality identical to Chrome/Edge version
"Unable to connect to native messaging host":
-
Check if the Firefox manifest exists:
# macOS: ls ~/Library/Application\ Support/Mozilla/NativeMessagingHosts/de.zisoft.pass_browser.json # Linux: ls ~/.mozilla/native-messaging-hosts/de.zisoft.pass_browser.json
-
Check the manifest content:
cat ~/Library/Application\ Support/Mozilla/NativeMessagingHosts/de.zisoft.pass_browser.json
Should contain
"allowed_extensions": [ "pass-browser@zisoft.de" ] -
Check extension console:
- Go to
about:debugging - Click "Inspect" next to your extension
- Check Console tab for errors
- Go to
-
Test native host manually:
echo '{"command":"listEntries","pageURL":""}' | python3 ~/.local/share/pass-browser/pass_browser_host.py



