[pass] Signing individual pass files

James Cline lenish at gmail.com
Thu Jul 24 19:44:33 CEST 2014

On Thu, Jul 24, 2014 at 07:28:23PM +0200, Jason A. Donenfeld wrote:
> Actually, we don't use --sign for gpg, for signing. Instead we use git's
> signing feature, which invokes gpg --sign internally to sign *commits*.

This feature doesn't seem very well documented. AFAICT it just seems to
be referenced in what appears to be an otherwise unrelated section of
the man page:

>       git git-command-args...
>              If the password store is a git  repository,  pass  git-
>              command-args  as arguments to git(1) using the password
>              store as the git  repository.  If  git-command-args  is
>              init,  in  addition to initializing the git repository,
>              add the current contents of the password store  to  the
>              repository  in an initial commit. If the git config key
>              pass.signcommits is set to true, then all commits  will
>              be  signed  using  user.signingkey  or  the default git
>              signing key. This config key may be  turned  on  using:
>              `pass git config --bool --add pass.signcommits true`

It might help to add something to the website as well as the example
section of the man page?

More information about the Password-Store mailing list