[pass] Add option to replace encryption key in use?

Kevin Cox kevincox at kevincox.ca
Fri Jul 29 04:54:27 CEST 2016


On a related note. We see this question a lot and I know I have been
confused in the past. Is there any way that this feature of `pass init` be
more discoverable?

On Thu, Jul 28, 2016, 21:07 Brian Minton <brian at minton.name> wrote:

> You can use "pass init" to add or change keys. It will do commands similar
> to what you were doing manually.
>
> On Thu, Jul 28, 2016, 9:04 PM Tmplt <ttemplate223 at gmail.com> wrote:
>
>> Hello,
>>
>> My gpg setup was due to a makeover, so I created a new key dedicated to
>> pass' files. I did this with the following commands as it didn't seem
>> like pass supported this feature:
>>
>>   find .password-store -type f -name '*.gpg' -exec gpg --decrypt-files
>> '{}' \;
>>   find .password-store -type f -name '*.gpg' -delete
>>   find .password-store -type f -exec gpg -r <fingerprint>
>> --encrypt-files '{}' \;
>>
>> I then removed the unencrypted files.
>>
>> Is this a feature that pass could support, or is it too much of an
>> uncommon case of usage?
>>
>> It might be a safer operation if pass would support this, as I realize
>> belatedly that removing the unencrypted files with `rm` leaves me open
>> for exploits (which perhaps wouldn't be the case if I had used `shred
>> --remove` instead)
>>
>> What do you think?
>>
>> --
>> Tmplt
>> _______________________________________________
>> Password-Store mailing list
>> Password-Store at lists.zx2c4.com
>> http://lists.zx2c4.com/mailman/listinfo/password-store
>>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20160729/3a41d668/attachment.html>


More information about the Password-Store mailing list