[pass] Multiple keys per repo
David Sklar
david.sklar at gmail.com
Thu Nov 29 19:40:03 CET 2012
I would find it convenient to combine multiple data sources in one repo
(e.g. work stuff and personal stuff) which should be encrypted by
different keys.
I put together the attached patch, which allows for .gpg-id files in
subdirectories of the repo. Deepest one wins, à la Apache httpd .htaccess
files.
And then I saw
http://lists.zx2c4.com/pipermail/password-store-zx2c4.com/2012-September/000014.html
and the env var solution. :)
Any interest in multiple keys per repo?
David
-------------- next part --------------
diff --git a/src/password-store.sh b/src/password-store.sh
index 26a4bd0..b51a55b 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -77,6 +77,18 @@ yesno() {
read -p "$1 [y/N] " response
[[ $response == "y" || $response == "Y" ]] || exit 1
}
+set_gpg_id() {
+ if [[ -f "$1/.gpg-id" ]]; then
+ ID="$(head -n 1 "$1/.gpg-id")"
+ return 0
+ else
+ if [[ "$(dirname $1)" == "." ]]; then
+ return -1
+ else
+ find_id "$(dirname $1)"
+ fi
+ fi
+}
#
# BEGIN Platform definable
#
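Review bot: The fallback branch of `set_gpg_id` calls `find_id`, which this patch does not define, so unless that function exists elsewhere in the script the walk to the parent directory never happens; an entry created below a directory that holds a `.gpg-id` would then keep the previous `ID` and be encrypted to the wrong recipient. The stop condition `"$(dirname $1)" == "."` also looks unreachable for the `$PREFIX/...` arguments the callers pass if `$PREFIX` is absolute: the walk would continue above the store and end at `/`, where `dirname` returns `/` again, so it could pick up a `.gpg-id` outside the store or recurse without end. In addition, `dirname $1` is unquoted and `return -1` is not a portable exit status. A loop bounded at `$PREFIX` that returns 1 when nothing is found addresses all four.

```shell
set_gpg_id() {
	local dir="$1"
	while :; do
		if [[ -f "$dir/.gpg-id" ]]; then
			ID="$(head -n 1 "$dir/.gpg-id")"
			return 0
		fi
		# Stop at the store root so a .gpg-id outside $PREFIX is never used.
		[[ "$dir" == "$PREFIX" || "$dir" == "/" || "$dir" == "." ]] && return 1
		dir="$(dirname "$dir")"
	done
}
```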
@@ -254,6 +266,7 @@ case "$command" in
[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
mkdir -p -v "$PREFIX/$(dirname "$path")"
+ set_gpg_id "$PREFIX/$(dirname "$path")"
if [[ $multiline -eq 1 ]]; then
echo "Enter contents of $path and press Ctrl+D when finished:"
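Review bot: The return status of `set_gpg_id` is discarded here, and likewise at the calls added in the next two hunks (just before `passfile=` in each), so when no `.gpg-id` is found the command carries on and `gpg2 -e -r "$ID"` uses whatever `ID` held before the call. That is presumably the store-wide key, though where `ID` is first set is outside these hunks. Encrypting an entry to a recipient other than the one meant for its subtree is the failure this feature most needs to rule out, so the call should fail closed: `set_gpg_id "$PREFIX/$(dirname "$path")" || { echo "No .gpg-id found for $path" >&2; exit 1; }`. The enclosing case arm starts and ends outside the hunk.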
@@ -286,6 +299,7 @@ case "$command" in
path="$1"
mkdir -p -v "$PREFIX/$(dirname "$path")"
+ set_gpg_id "$PREFIX/$(dirname "$path")"
passfile="$PREFIX/$path.gpg"
template="$program.XXXXXXXXXXXXX"
@@ -332,6 +346,7 @@ case "$command" in
exit 1
fi
mkdir -p -v "$PREFIX/$(dirname "$path")"
+ set_gpg_id "$PREFIX/$(dirname "$path")"
passfile="$PREFIX/$path.gpg"
[[ $force -eq 0 && -e $passfile ]] && yesno "An entry already exists for $path. Overwrite it?"
@@ -340,7 +355,7 @@ case "$command" in
[[ -n $pass ]] || exit 1
gpg2 -e -r "$ID" -o "$passfile" $GPG_OPTS <<<"$pass"
git_add_file "$passfile" "Added generated password for $path to store."
-
+
if [[ $clip -eq 0 ]]; then
echo "The generated password to $path is:"
echo "$pass"