[pass] Encrypt filenames in the store

Kjetil Torgrim Homme kjetil.homme at redpill-linpro.com
Tue Jan 19 13:41:09 CET 2016


On 01/19/2016 01:14 PM, Michael Aquilina wrote:
> I'm actually fairly interested in this too. While having the names of my
> passwords on display is not a huge deal, it does leak some information
> in terms of what sites you've signed up for etc... 
> 
> If there was a way to hide this information, it would be an improvement IMO.
> 
> I do however understand that it moves away from the philosophy of
> keeping simple.
> 

step 1: keep your own copy of the password-store safe, in an encrypted
file system.

step 2: if you need to export your repository or share it with others,
use something like https://github.com/joeyh/git-remote-gcrypt (I have
not tested it myself, but it looks like a reasonably simple and safe way
to handle the problem.)


(I do not think the filenames I choose are sufficiently security
sensitive to mandate step 2.)

-- 
Kjetil T. Homme
Redpill Linpro - Changing the game

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160119/a56a8321/attachment.asc>


More information about the Password-Store mailing list