<div dir="ltr">+1 <div><br></div><div>In our case we use a Makefile with this task:</div><div><br></div><div><div>.PHONY: list-keys</div><div>list-keys: ## List all the keys in the store with ID and names</div><div><span class="" style="white-space:pre"> </span>@for key in $$(cat .gpg-id); do \</div><div><span class="" style="white-space:pre"> </span>printf "$${key}: "; \</div><div><span class="" style="white-space:pre"> </span>gpg --list-keys --with-colons $$key 2> /dev/null | awk -F: '/^pub/ {found = 1; print $$10} END {if (found != 1) {print "*** not found in local keychain ***"}}'; \</div><div><span class="" style="white-space:pre"> </span>done</div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature">-- <br>Héctor Rivas</div></div>
<br><div class="gmail_quote">On Tue, May 17, 2016 at 9:23 AM, Mike Selby <span dir="ltr"><<a href="mailto:mike.selby@mantlehosting.co.uk" target="_blank">mike.selby@mantlehosting.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span style="font-size:12.8px">Dear list</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Forgive me if I am getting this wrong format wise or style wise, this being the very first time I have submitted anything to an open source mailing list.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">It would be very handy if .git-id files could be commented when using pass in a team setting like this :</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">```</div><div style="font-size:12.8px"><div>CE29776A #Mike Selby</div><div>AB42F9B2 #Joe Bloggs </div><div>FAD0CB4B #AWS web servers</div></div><div style="font-size:12.8px">```</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">A patch to make that happen is :</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">```</div><div style="font-size:12.8px"><div>diff --git a/tmp/pass.sh b/tmp/pass-new.sh</div><div>index 63be840..5c7037c 100644</div><div>--- a/tmp/pass.sh</div><div>+++ b/tmp/pass-new.sh</div><div>@@ -75,11 +75,13 @@ set_gpg_recipients() {</div><div> exit 1</div><div> fi</div><div> </div><div>- local gpg_id</div><div>- while read -r gpg_id; do</div><div>- GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )</div><div>- GPG_RECIPIENTS+=( "$gpg_id" )</div><div>- done < "$current"</div><div>+ local gpg_id_full</div><div>+ local gpg_id</div><div>+ while read -r gpg_id_full; do</div><div>+ gpg_id="`/bin/echo $gpg_id_full | /bin/awk -F# '{print $1}'` "</div><div>+ GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )</div><div>+ GPG_RECIPIENTS+=( "$gpg_id" )</div><div>+ done < "$current"</div><div> }</div><div> </div><div> reencrypt_path() {</div></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">```</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">This would help greatly with our documentation. We are using pass to distribute secrets using CFEngine to a network of virtual machines each with different privileges requiring different secrets. Each virtual machine image has a key pair generated when the image for a role is first set up. In our version control repository we need only list the public key files from each image (for import to developer workstations) and have a multi folder pass store with different .gpg-id files in each listing the key ids of each image that should be granted access to the secrets in that folder. Each image is thus delivered all the secrets by CFEngine for simplicity but can only decrypt the ones it ought to. It seems to work quite nicely.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Thanks for your time.</div><div style="margin:2px 0px 0px;font-size:12.8px"><div><br></div><div>Mike Selby<img src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"></div></div></div>
<br>
<b style="font-family:'Times New Roman';font-size:medium;font-weight:normal"><img src="https://lh3.googleusercontent.com/t9zkMw1nHoEmRHttYyI-9L89Bk_rx4j36LKeWyS0ADaHaRD1hW3sZUg9Vrh9Vs7eOA4UN6UFJbbRHYnl0tv6QJaQFPUYUSY5Ix0tD4rsvuJ1h2ToU240" width="180px;" height="80px;"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><br><span style="font-size:13px;font-family:Verdana;vertical-align:baseline;white-space:pre-wrap">22 Great Victoria Street, Belfast, BT2 7BA.</span><br><span style="font-size:13px;font-family:Verdana;vertical-align:baseline;white-space:pre-wrap">Tel: <a href="tel:%2B44%20%280%292890%20412%20888" value="+442890412888" target="_blank">+44 (0)2890 412 888</a></span><br><span style="font-size:13px;font-family:Verdana;vertical-align:baseline;white-space:pre-wrap">Offices in London, Glasgow and Belfast</span><br><a href="http://mantlehosting.co.uk/" target="_blank"><span style="font-size:13px;font-family:Verdana;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap">mantlehosting.co.uk</span></a><br><a href="http://mantlehosting.co.uk/" target="_blank"><span style="font-size:13px;font-family:Verdana;color:rgb(17,85,204);vertical-align:baseline;white-space:pre-wrap"></span></a><br><hr><span style="font-size:13px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><br><span style="font-size:11px;font-family:Verdana;color:rgb(119,119,119);background-color:rgb(255,255,255);vertical-align:baseline;white-space:pre-wrap">Pensions Hosting Company Limited is a company registered in Northern Ireland with registered number NI 608643 whose registered office is at 22 Great Victoria Street, Belfast, BT2 7BA. VAT number 974 8252 79.</span><span style="font-size:11px;font-family:Verdana;color:rgb(128,128,128);vertical-align:baseline;white-space:pre-wrap"> This email and its attachments are confidential to the intended recipient. It may not be disclosed to or used by anyone other than the intended recipient, nor may it be copied in any way. If received in error please call Pensions Hosting Company Limited on <a href="tel:%2B44%20%280%29%202890%20412%20888" value="+442890412888" target="_blank">+44 (0) 2890 412 888</a> quoting the name of the sender, then delete it from your system. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Pensions Hosting Company Limited. Employees of Pensions Hosting Company Limited are expressly required not to make defamatory statements and not to infringe or authorize any infringement of copyright or any other legal right by email communications. Any such communication is contrary to Pensions Hosting Company Limited's policy and outside the scope of the employment of the individual concerned. The company will not accept any liability in respect of such communication, and the employee responsible will be personally liable for any damages or other liability arising. Email cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The recipient should check this email and any attachments for the presence of viruses. Pensions Hosting Company Limited accepts no liability for any errors or omissions in the contents of this message or for any damage caused by any virus transmitted by this email or for any loss or damage arising from the transmission or use of this email or attachments.</span><br><hr><br><span style="font-size:13px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span></b><br>_______________________________________________<br>
Password-Store mailing list<br>
<a href="mailto:Password-Store@lists.zx2c4.com">Password-Store@lists.zx2c4.com</a><br>
<a href="http://lists.zx2c4.com/mailman/listinfo/password-store" rel="noreferrer" target="_blank">http://lists.zx2c4.com/mailman/listinfo/password-store</a><br>
<br></blockquote></div><br></div>