Multiple Git subdirectories for different environments

Brian Candler b.candler at pobox.com
Thu Jan 12 14:00:01 CET 2017 

On 12/01/2017 12:38, Grégoire Détrez wrote:
> Assuming you have the following structure in your repository:
> .password-store
> ├── home
> │   └── foo.gpg
> └── work
>      └── foo.gpg
>
> with
>
>      $ pass home/foo
>      1234
>      $ pass work/foo
>      4321
>
> Then you can do set the environment variables like this:
>
>      $ export PASSWORD_STORE_GIT=~/.password-store
>      $ export PASSWORD_STORE_DIR=~/.password-store/home
>      $ pass foo
>      1234
>      $ export PASSWORD_STORE_DIR=~/.password-store/work
>      $ pass foo
>      4321
I don't think that addresses the question, because it's assuming that 
all the passwords are in the same git repo.

What I think the OP wants (it's certainly what I want!) is to have 
multiple git repos, so I can sync my home passwords to one repo and my 
work passwords to another one:

.password-store
├── home
│   └── .git
│   └── foo.gpg
└── work
     └── .git
     └── foo.gpg

This doesn't work, for reasons which you'll find in the list archives. 
Briefly, "pass git pull" doesn't work unless the top-level is a git 
repo. But if you make an outer git repo, and make the inner ones be 
submodules, pass fails to commit changes because its working directory 
is not inside the correct submodule.

The only sensible way I've found to make this work is using shell 
scripts or aliases: e.g. create a script called "workpass" like this

#!/bin/sh
PASSWORD_STORE_DIR=/Users/brian/git/work-pass/password-store pass "$@"

However I've been bitten several times by accidentally using "pass edit 
foo" or (worse) "pass init <ids>" when I meant to type "workpass edit 
foo" or "workpass init <ids>"

For me, the perfect solution would be:

* the .password-store tree can have zero or more git repos, in any place
* "pass edit foo/bar" would commit to the git repo which contains 
foo/bar (or none, if it's outside any git tree)
* "pass pull foo/bar" would git pull the repo which contains foo/bar
* "pass pull" would git pull all the repos recursively

Regards,

Brian.

More information about the Password-Store mailing list