[pass] Multi-user pass / group pass
Lucas Arduini
st_luke at me.com
Fri Sep 21 02:46:20 CEST 2012
The Internet is freakin awesome
On Sep 20, 2012, at 8:42 PM, "Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
> Hey Luke & Roman,
>
> I saw your Twitter conversation about pass -- namely that it doesn't
> support multiple users. Interestingly enough, just yesterday someone
> emailed the pass mailing list about this (both copied), and I replied
> that although it doesn't support it, it'd be trivial to add. Then,
> thirty seconds later, I realized that due to a super nice GPG feature,
> pass does in fact already support this. Check it out:
>
> Fundamentally, pass comes down to this gpg command:
>
> gpg -r "Some user provided id" -e -o "output file name"
>
> gpg can support multiple recipients by adding more -r commands -- this
> is the trivial change I was talking about. But it can also do
> something much better and more robust. GPG has a notion of "groups",
> where you can assign one recipient ID to multiple recipients. So, this
> command:
>
> gpg -r "team" -e -o "output file name"
>
> winds up expanding to all of the individuals on the team, encrypting
> each password efficiently and securely with each of their public keys,
> allowing any one of their private keys to decipher it.
>
>
> But never mind all these technical details. How does it work in
> practice? Super simple:
>
> You set up a GPG group using "gpg --group". This simply adds a line to
> ~/.gnupg/gpg.conf that looks like "group team = paige 0x12345678 joe
> patti".
>
> Then, you init pass using "team" instead of your key:
>
> pass init team
>
> Simple as that. From now on, passwords will be encrypted using multiple keys.
>
>
> Hope this helps. Let me know if you have any questions, and please
> don't hesitate to join the pass mailing list:
> http://lists.zx2c4.com/listinfo.cgi/password-store-zx2c4.com
>
> Jason
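
Added example, not part of the original mail or of pass: a short Python audit that reads `group` lines from gpg.conf-style text and lists what a recipient such as "team" expands to, i.e. whose keys can decrypt the store. It assumes GnuPG's documented group behaviour (same-named group lines are merged, expansion is one level only) and plain whitespace-separated members; SAMPLE_CONF and all function names are constructed for illustration.

```python
# Constructed sample config. The first group line is the one quoted in the
# mail above; the "ops" and second "team" lines are invented for the demo.
SAMPLE_CONF = """\
# constructed sample gpg.conf
default-key 0x12345678
group team = paige 0x12345678 joe patti
group ops = team alice
group\tteam = roman
"""


def parse_groups(conf_text):
    """Return {group name: [members]} from gpg.conf-style text.

    Assumption: members are whitespace-separated and '#' starts a comment
    line. Repeated definitions of one name are merged, as GnuPG documents.
    """
    groups = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "group" or "=" not in parts[1]:
            continue
        name, _, values = parts[1].partition("=")
        members = groups.setdefault(name.strip(), [])
        for member in values.split():
            if member not in members:
                members.append(member)
    return groups


def expand_recipient(recipient, groups):
    """Expand one -r value a single level; non-group IDs pass through."""
    return list(groups.get(recipient, [recipient]))


def nested_group_refs(groups):
    """Report members that are themselves group names.

    With one-level expansion these are treated as ordinary user IDs, so a
    nested group does not pull in the inner group's members.
    """
    return {name: [m for m in members if m in groups]
            for name, members in groups.items()
            if any(m in groups for m in members)}


if __name__ == "__main__":
    parsed = parse_groups(SAMPLE_CONF)
    print("team ->", expand_recipient("team", parsed))
    print("nested references:", nested_group_refs(parsed))
```

Running the same check against the real gpg.conf before `pass init team` shows exactly which key IDs will be able to decrypt every entry.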