[pass] [PATCH] Team pass: enable multiple keys and per directory

Jan-Frode Myklebust janfrode at tanso.net
Wed Mar 19 18:06:52 CET 2014

> Den 19. mars 2014 kl. 14:01 skrev Josh Cartwright <joshc at eso.teric.us>:
> Perhaps instead of maintaining a .gpg_id key list, a keyring with the
> teams' public keys should be used.

I agree it's a pain to distribute, and change keys, but am uncertain about if I'd want to blindly trust a keyring distributed together with the password store. Actually, even trusting the list of keyid's instead of a group name defined outside of the git repo is opening up an easy attack by changing the list of id's git-serverside to steal new passwords. 

The .gpg_id (or keyring) should probably be signed by someone we trust outside of the password-store before use.


More information about the Password-Store mailing list