[pass] Multi-user pass / group pass
Roman Shtylman
shtylman at gmail.com
Fri Sep 21 09:31:19 CEST 2012
Jason, thanks for educating us :) I must agree 100% with the "internet is awesome" statement!
One comment I would make about the use of the "team" approach described below (and correct me if I am wrong) is that it will mean all your passwords are now stored with the team key. What I think would be a desired feature/use case is to have a subset of my passwords stored using the team key and others stored using personal keys. I personally keep an organizational scheme where my personal passwords are under different folders from projects and business passwords.
One way to make this happen would be to drop a gpgid file into any of those subfolders and have that be used for that subfolder and those under it? This would probably require a new command line option --key or something for generate and insert which would let you specify the key? Or maybe just allow the init command to take a subfolder argument meaning "initialize new storage with this key under this folder in .password-store".
Thoughts?
cheers,
~Roman
P.S. Long live pass!
On Sep 21, 2012, at 8:08 AM, milki <milki at rescomp.berkeley.edu> wrote:
> On 02:55 Fri 21 Sep , Jason A. Donenfeld wrote:
>>> On Fri, Sep 21, 2012 at 10:46 AM, Lucas Arduini <st_luke at me.com> wrote:
>>> The Internet is freakin awesome
>>
>> Haha, indeed.
>>
>> On Fri, Sep 21, 2012 at 2:47 AM, Simon KP <si at eskp.net> wrote:
>>> What happens if one person leaves the team and another enters with a new
>>> key?
>>
>> It's pretty trivial to re-encrypt the password-store. You can even do
>> it in a one-liner:
>>
>> find ~/.password-store -iname '*.gpg' | while read password; do gpg --batch --quiet -d "$password" | gpg -r "$(head ~/.password-store/.gpg-id)" -e -o "$password.new" --batch --quiet && mv -v "$password.new" "$password"; done
>>
>> Actually, I'll consider adding a switch to "pass init" for this --
>> something like --reencrypt or --reinit. Suggestions?
>
> It's probably useful to note that, if git is used, reencrypting will
> only block access to new changes to the password files.
>
>
> --
> milki
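A sketch of the per-subfolder lookup proposed in the message above, as an added example that is not code from pass or from anyone in this thread: the nearest `.gpg-id` at or above an entry's folder decides its recipients. The function names and the placeholder key ids are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find which .gpg-id governs an entry by walking up from the
# entry's folder to the store root. The nearest file wins.

# gpg_id_file_for STORE ENTRY -> prints the path of the governing .gpg-id
gpg_id_file_for() {
    store=${1%/}
    entry=$2
    # Refuse absolute paths and ".." so the walk can never leave the store.
    case "$entry" in
        /*|..|../*|*/..|*/../*)
            echo "entry escapes the store: $entry" >&2; return 2 ;;
    esac
    dir=$(dirname -- "$entry")
    while :; do
        if [ "$dir" = "." ]; then candidate="$store/.gpg-id"
        else candidate="$store/$dir/.gpg-id"; fi
        if [ -f "$candidate" ]; then printf '%s\n' "$candidate"; return 0; fi
        [ "$dir" = "." ] && break        # root checked, nothing found
        dir=$(dirname -- "$dir")
    done
    echo "no .gpg-id found for $entry" >&2
    return 1
}

# recipients_for STORE ENTRY -> one key id per line, blank lines skipped
recipients_for() {
    file=$(gpg_id_file_for "$1" "$2") || return
    grep -v '^[[:space:]]*$' "$file"
}

# Constructed sample store: a personal key at the root, team keys under work/.
build_sample_store() {
    s=$(mktemp -d) || return
    mkdir -p "$s/personal/banking" "$s/work/projectx"
    printf '%s\n' 'PERSONAL-KEY-PLACEHOLDER' > "$s/.gpg-id"
    printf '%s\n' 'TEAM-KEY-A-PLACEHOLDER' 'TEAM-KEY-B-PLACEHOLDER' \
        > "$s/work/.gpg-id"
    printf '%s\n' "$s"
}
```

Each line returned by `recipients_for` would become one `-r` argument to `gpg -e`, so entries under `work/` are encrypted to the team keys while everything else stays on the personal key.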