Stats
Actions
Tags
From proton-pass-cli
This skill should be used when the user mentions "Proton Pass", "pass-cli", "protonpass", asks to retrieve secrets, manage vaults, create items, inject secrets into templates or use SSH keys stored in Proton Pass. The CLI command is `pass-cli` (NOT `pass`).
How this skill is triggered — by the user, by Claude, or both
Slash command
/proton-pass-cli:proton-pass-cliThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Proton Pass CLI provides command-line access to Proton Pass vaults, items, and secrets. Use it for secret management, automation, and SSH integration.
Proton Pass CLI provides command-line access to Proton Pass vaults, items, and secrets. Use it for secret management, automation, and SSH integration.
The CLI command is pass-cli (NOT pass)
pass-cli is installed at https://proton.me/download/pass-cli/pass is important: pass is the standard Unix password manager with a different command and configuration file formatpass-cli login
pass-cli vault list
pass-cli item list --vault-name "Personal"
Share (Share ID) ─── Vault (Name) ─── Item (Title)
| Object | Description | Identifier |
|---|---|---|
| Share | Access grant to vault/item | share_id (Base64) |
| Vault | Container for items | share_id or name |
| Item | Individual credential | item_id or title |
| Field | Data within item | Field name (case-sensitive) |
Use pass:// URI syntax to reference secrets:
pass://<vault-identifier>/<item-identifier>/<field-name>
password, username, email)pass://Work/GitHub/password # Password field
pass://Personal/Email Login/username # Username field
pass://Production/Database/connection_string # Custom field
pass-cli login # Web login (opens browser)
pass-cli login --interactive [USERNAME] # CLI login with username
pass-cli logout # End session
pass-cli info # Show current session info
pass-cli test # Verify session is valid
pass-cli vault list # List all vaults
pass-cli vault create --name NAME # Create vault
pass-cli vault update --share-id ID --name NAME # Rename vault
pass-cli vault delete --share-id ID # Delete vault (permanent!)
pass-cli vault share --share-id ID EMAIL --role ROLE # Share vault
pass-cli item list --vault-name NAME # List items in vault
pass-cli item create login --title TITLE [options] # Create login
pass-cli item view "pass://Vault/Item" # View item
pass-cli item update --share-id ID --item-id ID --field FIELD=VALUE # Update
pass-cli item delete --share-id ID --item-id ID # Delete item
pass-cli inject --in-file FILE --out-file FILE # Process template
pass-cli run -- COMMAND # Run command with secrets
pass-cli view "pass://Vault/Item/Field" # View specific field
pass-cli ssh-agent load # Load keys into existing agent
pass-cli ssh-agent start # Start Proton Pass as SSH agent
pass-cli ssh-agent debug --vault-name NAME # Debug SSH key items
| Type | Description | Create Command |
|---|---|---|
| Login | Username/password credentials | pass-cli item create login |
| Note | Secure text notes | pass-cli item create note |
| SSH Key | SSH key pairs | pass-cli item create ssh-key generate or import |
| Alias | Email aliases (Proton Mail) | pass-cli item alias create |
| Credit Card | Payment card details | pass-cli item create credit-card |
| Role | Permissions |
|---|---|
| Viewer | View only |
| Editor | View, create, edit items |
| Manager | Full control including sharing |
# Random password (16 chars, symbols)
pass-cli item create login --title "New Account" --generate-password
# Passphrase (4 words)
pass-cli item create login --title "New Account" --generate-passphrase
# Custom format
pass-cli item create login --title "New Account" --generate-password="20,uppercase,symbols"
Create template with {{ pass://... }} placeholders:
database:
password: {{ pass://Production/Database/password }}
Process:
pass-cli inject --in-file config.yaml.template --out-file config.yaml
export DB_PASSWORD='pass://Production/Database/password'
pass-cli run -- ./deploy-app
API_KEY=$(pass-cli view "pass://Work/API Keys/api_key")
echo $API_KEY
pass-cli ssh-agent load
pass-cli ssh-agent start
export SSH_AUTH_SOCK=$HOME/.ssh/proton-pass-agent.sock
pass-cli ssh-agent debug --vault-name "MyVault"
| Variable | Description |
|---|---|
PROTON_PASS_PASSWORD | Account password |
PROTON_PASS_TOTP | TOTP code |
PROTON_PASS_EXTRA_PASSWORD | Extra password for Pass |
PROTON_PASS_SSH_KEY_PASSWORD | SSH key passphrase |
PROTON_PASS_SSH_KEY_PASSWORD_FILE | Path to file containing SSH key passphrase |
pass-cli item create ssh-key generate --vault-name "Keys" --title "GitHub Deploy"
cat > config.template <<EOF
database:
host: localhost
username: {{ pass://Work/API Keys/username }}
password: {{ pass://Work/API Keys/password }}
EOF
pass-cli inject --in-file config.template --out-file config.yaml --force
export DB_PASSWORD='pass://Production/Database/password'
pass-cli run -- ./deploy-app.sh
PROTON_PASS_* after use.env files or environment variables--generate-password over manual entrypass-cli test to verify session is valid| Issue | Solution |
|---|---|
| Login fails | Check credentials, network connection |
| "Reference not found" | Verify vault/item exists with vault list / item list |
| "Field not found" | Check field names with item view |
| "Too many SSH keys" | Use ssh-copy-id -o PreferredAuthentications=password -o PubkeyAuthentication=no |
| "Command not found" | Ensure pass-cli is installed and in PATH |
For detailed command reference, see references/commands.md
Creates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.
npx claudepluginhub v1truv1us/proton-pass-cli-skill --plugin proton-pass-cli