[pass] Add option to replace encryption key in use?

Tmplt ttemplate223 at gmail.com
Fri Jul 29 03:04:11 CEST 2016


My gpg setup was due to a makeover, so I created a new key dedicated to
pass' files. I did this with the following commands as it didn't seem
like pass supported this feature:

  find .password-store -type f -name '*.gpg' -exec gpg --decrypt-files
'{}' \;
  find .password-store -type f -name '*.gpg' -delete
  find .password-store -type f -exec gpg -r <fingerprint>
--encrypt-files '{}' \;

I then removed the unencrypted files.

Is this a feature that pass could support, or is it too much of an
uncommon case of usage?

It might be a safer operation if pass would support this, as I realize
belatedly that removing the unencrypted files with `rm` leaves me open
for exploits (which perhaps wouldn't be the case if I had used `shred
--remove` instead)

What do you think?


More information about the Password-Store mailing list