[pass] Multiple keys per repo

David Sklar david.sklar at gmail.com
Thu Nov 29 19:40:03 CET 2012


I would find it convenient to combine multiple data sources in one repo
(e.g. work stuff and personal stuff) which should be encrypted by
different keys.

I put together the attached patch, which allows for .gpg-id files in
subdirectories of the repo. The deepest one wins, à la Apache httpd .htaccess
files.

And then I saw
http://lists.zx2c4.com/pipermail/password-store-zx2c4.com/2012-September/000014.html
and the env var solution. :)

Any interest in multiple keys per repo?

David

-------------- next part --------------
diff --git a/src/password-store.sh b/src/password-store.sh
index 26a4bd0..b51a55b 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -77,6 +77,18 @@ yesno() {
 	read -p "$1 [y/N] " response
 	[[ $response == "y" || $response == "Y" ]] || exit 1
 }
+set_gpg_id() {
+ if [[ -f "$1/.gpg-id" ]]; then
+     ID="$(head -n 1 "$1/.gpg-id")"
+     return 0
+ else
+   if [[ "$(dirname $1)" == "." ]]; then
+     return -1
+   else
+     find_id "$(dirname $1)"
+   fi
+ fi
+}
 #
 # BEGIN Platform definable
 #
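Review bot: The fallback branch of `set_gpg_id` calls `find_id`, which this patch does not define, so unless that name exists elsewhere in the script the parent-directory lookup fails with command-not-found and `ID` keeps whatever value it already had. The stop test `"$(dirname $1)" == "."` is only reached for relative paths; the call sites pass `"$PREFIX/..."`, so if `PREFIX` is absolute the walk climbs out of the store, a `.gpg-id` in any ancestor directory would choose the recipient, and the recursion never ends at `/`. I would make it a loop that stops at `$PREFIX`, quote the `dirname` argument, return 1 instead of -1, and reject an empty first line. Since that first line becomes the `-r` recipient for new entries, write access to a subdirectory of a shared store now decides who can read what is added beneath it, which deserves a line in the man page.

```shell
set_gpg_id() {
	local dir="$1" root="${PREFIX%/}" first
	while :; do
		if [[ -f "$dir/.gpg-id" ]]; then
			first="$(head -n 1 "$dir/.gpg-id")"
			# An empty first line must not leave a stale ID in place.
			[[ -n $first ]] || return 1
			ID="$first"
			return 0
		fi
		# Never look above the store root: a .gpg-id outside $PREFIX must not pick the recipient.
		[[ "$dir" == "$root" || "$dir" == "/" || "$dir" == "." ]] && return 1
		dir="$(dirname "$dir")"
	done
}
```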
@@ -254,6 +266,7 @@ case "$command" in
 		[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
 
 		mkdir -p -v "$PREFIX/$(dirname "$path")"
+		set_gpg_id "$PREFIX/$(dirname "$path")"
 
 		if [[ $multiline -eq 1 ]]; then
 			echo "Enter contents of $path and press Ctrl+D when finished:"
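Review bot: The return status of `set_gpg_id` is discarded at this call, so when no `.gpg-id` is found the command carries on with whatever `ID` already holds and the entry is encrypted to a key that was not chosen for this subtree. Fail closed instead: `set_gpg_id "$PREFIX/$(dirname "$path")" || { echo "No .gpg-id found for $path" >&2; exit 1; }`. The same applies to the two later call sites, in the hunks at -286 and -332. The case arm starts and ends outside this hunk, so any earlier handling of `ID` is not visible here.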
@@ -286,6 +299,7 @@ case "$command" in
 
 		path="$1"
 		mkdir -p -v "$PREFIX/$(dirname "$path")"
+		set_gpg_id "$PREFIX/$(dirname "$path")"
 		passfile="$PREFIX/$path.gpg"
 		template="$program.XXXXXXXXXXXXX"
 
@@ -332,6 +346,7 @@ case "$command" in
 			exit 1
 		fi
 		mkdir -p -v "$PREFIX/$(dirname "$path")"
+		set_gpg_id "$PREFIX/$(dirname "$path")"
 		passfile="$PREFIX/$path.gpg"
 
 		[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
@@ -340,7 +355,7 @@ case "$command" in
 		[[ -n $pass ]] || exit 1
 		gpg2 -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass"
 		git_add_file "$passfile" "Added generated password for $path to store."
-		
+
 		if [[ $clip -eq 0 ]]; then
 			echo "The generated password to $path is:"
 			echo "$pass"

