[pass] fixing the limitations of multi-user/store support

Antoine Beaupré anarcat at koumbit.org
Wed Feb 6 23:48:44 CET 2013

So I have experimented a little more with multiple user and multiple
store support. The problem I am seeing is that this requires
significant configuration on the client side to work
properly. Furthermore, it requires configuration that cannot be shipped
with the git repository...

From what I understand, for my team password manager to work, *every*
member of the team must do the following:

 1. configure the team in their gpg.conf:

    echo 'group team=8DC901CE64146C048AD50FBB792152527B75921E 1F1214952C960401DF7B1C679A8F41050B64804A' >> ~/.gnupg/gpg.conf

 2. setup an alias for the repository:

    echo 'alias tpass="PASSWORD_STORE_DIR=$HOME/.password-store/team pass"' >> ~/.bashrc

    note that those instructions can vary according to the shell of the

 3. optionnally, fix bash completion:

    echo 'complete -o filenames -o nospace -F _pass tpass' >> ~/.bashrc

I see several problems with this approach.

 1. if the gpg.conf gets changed on *one* of the members of the team, it
    doesn't necessarily update it on all the members configuration, and
    things can get desynchronised quickly.

 2. the need for special configuration on client-side is error-prone and
    will limit adoption

I recommend that:

 1. the team can be defined in the .gpgid file - say it's one entry per
    line or something

 2. the PASSWORD_STORE_DIR can be passed as an argument instead of an
    environment variable

This will remove the need for client-side configuration and will make
sure the configuration is always in sync, as it is stored in the

I could work on such a patch if people are open to the idea.


Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20130206/5dd4bfaa/attachment.asc>

More information about the Password-Store mailing list