[pass] shared password store

David Adam zanchey at ucc.gu.uwa.edu.au
Tue Jun 30 17:35:08 CEST 2015

On Tue, 30 Jun 2015, CircleCode wrote:
> what would be the better way to share a common password store, say for
> example for an association?
> we can use the git repo, but what about the use of multiple gpg keys (or is
> it better to share a common key?)?
> as an additional question, how can I easily switch between my personal
> store and the so-created shared store? Can I, for example, make the shared
> store a submodule of my private one, or is it better to create an alias for
> each store that would change env vars?

I thought about this sort of thing for a while, and for our purposes I 
ended up writing a wrapper script which does a few things:

- stores the organisation's passwords in a separate directory (we use NFS 
  shared storage which not everyone has)
- generates new GPG keys for new users for the store and makes 
  reencryption easy
- keeps your personal keyring up-to-date with the shared keyring
- installs a GPG agent in new users' shell initialisation files

We have mostly assumed that if an attacker has compromised a sysadmin's 
account we are SOL. That may not be a useful assumption in your case. 
Also, most of our administrators have not used GPG in anger very much and 
so the wrapper makes it as easy as possible.

The only modification we had to make to pass was to allow arbitrary 
options to be passed to GPG using PASSWORD_STORE_GPG_OPTS; in 
particular, unless we cross-signed everyone's keys (hard to 
do automatically) we needed to use "--trust-model always". This got added 
to git in 4690a3021cf and will hopefully be in the next release.

I pushed our script 'uccpass' to 
http://git.ucc.asn.au/?p=zanchey/uccpass.git;a=summary if you are 
interested in taking a look.

David Adam
Wheel Group, University Computer Club
zanchey at ucc.gu.uwa.edu.au

More information about the Password-Store mailing list