[pass] Adding/removing keys

Ben Butler-Cole ben at bridesmere.com
Wed Dec 9 17:07:25 CET 2015


On 9 December 2015 at 15:26, Uwe Kaminski <jukey at ju-key.de> wrote:

> What still keeps problematic is when using git the history contains
> also encrypted files that are encrypted by a key that was "revoked"
> later on.
>

What you are implicitly asking for isn't possible under pass's model and
I'm not sure that it's even useful. If someone's access to a secret is
revoked you must always rotate that secret at the same time, because you
can't be sure that they don't have a local copy of the secret outside the
storage system. I don't think there's any getting round that.

-Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20151209/3b44340d/attachment.html>


More information about the Password-Store mailing list