[pass] Multiple Users & Multiple Password Stores

[Kevin Crawford]

On Fri, Oct 11, 2013 at 10:48 AM, Chris Down <chris at chrisdown.name> wrote:
> On 2013-10-11 10:13, Kevin Crawford wrote:
>> Are there any recommended multi-user workflows for pass, using Git?
>
> Well, first of all, you should really be keeping totally separate Git
> repositories. I assume you're already using multiple system users to represent
> different real users on your system, so this should be easy enough.
>
> Otherwise, you can always use different branches to store different users'
> passwords. But seriously, don't do that. Just use different Git repositories.
> Anything else sucks. Really.

Ah, I don't mean different users on the same computer. I mean
different users on different computers—for managing passwords shared
with coworkers.

I envision a system where we can each use our own keys to unlock the
same password store, and keep that password store synced on each of
our computers using git.

>
>> And secondly, is it possible to keep multiple password stores (e.g.,
>> one for work, and one for personal use)? One idea that comes to mind
>> is adding /personal to .gitignore, and initializing a separate repo
>> inside of that directory. But would this work with pass's automated
>> git commands?
>
> If you really want to do that, you would use a git submodule, which is
> basically what you just asked to do (except for it's built into git, and isn't
> nearly as hacky as what was proposed). I think using a git submodule in this
> case is just overengineering, though.
>
> I would suggest either using a naming scheme like p/foo/bar and w/foo/bar, or
> using multiple branches. It's easy enough to run "pass git checkout work".

My clarification on the first question should lend an understanding to
my motivation for this question. I want to keep the work passwords
synced in a git repo and shared with coworkers, _not_ my personal
passwords.