It has a command-line interface, and uses GnuPG for encryption and decryption of stored passwords.

[2][3] The passwords are encrypted and stored in separate files, and can be organized via the operating system's filesystem.

There are several graphical user interfaces (GUIs) available, such as QtPass for Linux/Windows/MacOS or Password Store for Android operating systems.

The built in Git functionality also allows for automated version history tracking of the password store.

In June 2018, pass was found to be vulnerable to a variant of the SigSpoof attack.