[pass] Encrypting directory tree

Dylan Mikus dbmikus at gmail.com
Wed Mar 4 15:15:18 CET 2015


Thanks for the responses, guys. I guess it does seem better to have it
not encrypt the password store directory by default.

On Tue, Mar 3, 2015 at 12:44 AM, Matthew Cengia <mattcen at gmail.com> wrote:
> On 2015-03-02 22:42, Patrick Burroughs wrote:
>> On Tue, 3 Mar 2015 00:32:05 -0500 Dylan Mikus <dbmikus at gmail.com> wrote:
>> > Has there been any thought into encrypting the actual directory tree
>> > so that no one would be able to view what accounts you have? Is that
>> > something people are interested in, or was there a conscious decision
>> > against it for design reasons?
>>
>> Encrypting the entire directory tree makes it a lot harder to process
>> things with plain UNIX tools if you for some reason don't want to or
>> can't use pass to access the store.
>>
>> Conversely, if you really think the minor metadata leak is a problem,
>> tar up and gpg-encrypt your $PASSWORD_STORE_DIR and write a wrapper for
>> pass that decrypts/untars it to /dev/shm and sets $PASSWORD_STORE_DIR
>> appropriately, then cleans up after itself.
>
> Or use something like ecryptfs.
>
>
> --
> Regards,
> Matthew Cengia
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
>



-- 
Dylan Mikus
BS in Computer Science from CMU
dbmikus at gmail.com


More information about the Password-Store mailing list