[pass] Comments in .gid-id files

Héctor Rivas Gándara keymon at gmail.com
Tue May 17 10:27:22 CEST 2016


+1

In our case we use a Makefile with this task:

.PHONY: list-keys
list-keys: ## List all the keys in the store with ID and names
	@for key in $$(cat .gpg-id); do \
		printf "$${key}: "; \
		gpg --list-keys --with-colons $$key 2> /dev/null | awk -F: '/^pub/ {found = 1; print $$10} END {if (found != 1) {print "*** not found in local keychain ***"}}'; \
	done


-- 
Héctor Rivas

On Tue, May 17, 2016 at 9:23 AM, Mike Selby <mike.selby at mantlehosting.co.uk>
wrote:

> Dear list
>
> Forgive me if I am getting this wrong format wise or style wise, this
> being the very first time I have submitted anything to an open source
> mailing list.
>
> It would be very handy if .gpg-id files could be commented when using pass
> in a team setting, like this:
>
> ```
> CE29776A #Mike Selby
> AB42F9B2 #Joe Bloggs
> FAD0CB4B #AWS web servers
> ```
>
> A patch to make that happen is:
>
> ```
> diff --git a/tmp/pass.sh b/tmp/pass-new.sh
> index 63be840..5c7037c 100644
> --- a/tmp/pass.sh
> +++ b/tmp/pass-new.sh
> @@ -75,11 +75,13 @@ set_gpg_recipients() {
>                 exit 1
>         fi
>
> -       local gpg_id
> -       while read -r gpg_id; do
> -               GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )
> -               GPG_RECIPIENTS+=( "$gpg_id" )
> -       done < "$current"
> +        local gpg_id_full
> +        local gpg_id
> +        while read -r gpg_id_full; do
> +                gpg_id="`/bin/echo $gpg_id_full | /bin/awk -F# '{print
> $1}'` "
> +                GPG_RECIPIENT_ARGS+=( "-r" "$gpg_id" )
> +                GPG_RECIPIENTS+=( "$gpg_id" )
> +        done < "$current"
>  }
>
>  reencrypt_path() {
>
> ```
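
Review bot: the new `gpg_id=` assignment inside the `while read` loop expands `$gpg_id_full` unquoted and pipes it through `/bin/echo` and `/bin/awk`, so each line is subject to word splitting and glob expansion, and the hard-coded `/bin/awk` path does not exist on every system. As posted, the value also keeps the whitespace in front of the `#` plus the space before the closing quote, so for `CE29776A #Mike Selby` the string handed to `-r` is not the bare key ID, and a blank or comment-only line appends an empty recipient. The function already relies on bash arrays, so parameter expansion can do this without subprocesses: `gpg_id="${gpg_id_full%%#*}"`, then `gpg_id="${gpg_id%"${gpg_id##*[![:space:]]}"}"` to drop trailing whitespace, and `[[ -n $gpg_id ]] || continue` before appending to `GPG_RECIPIENT_ARGS` and `GPG_RECIPIENTS`.
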
>
> This would help greatly with our documentation. We are using pass to
> distribute secrets using CFEngine to a network of virtual machines each
> with different privileges requiring different secrets.  Each virtual
> machine image has a key pair generated when the image for a role is first
> set up.  In our version control repository we need only list the public key
> files from each image (for import to developer workstations) and have a
> multi folder pass store with different .gpg-id files in each listing the
> key ids of each image that should be granted access to the secrets in that
> folder. Each image is thus delivered all the secrets by CFEngine for
> simplicity but can only decrypt the ones it ought to.  It seems to work
> quite nicely.
>
> Thanks for your time.
>
> Mike Selby
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/password-store
>
>
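
The multi-folder layout described in the quoted message, combined with the proposed comment syntax, lends itself to an automated audit of who can decrypt which folder. The script below is an added example, not part of either message or of pass itself: the function names (`parse_gpg_id`, `audit_store`, `check_store`, `demo_store`) are hypothetical, the sample store is constructed, and it assumes that text after the first `#` is always a label.

```sh
#!/bin/sh
# Added example, not code from the thread: report who can decrypt each folder
# of a pass store whose .gpg-id files use the proposed "ID #label" syntax.

# parse_gpg_id FILE: print "RECIPIENT<TAB>LABEL" for every entry in FILE.
# Assumption: text after the first '#' is a label, never part of the ID.
parse_gpg_id() {
    awk '{
        id = $0; label = ""
        p = index($0, "#")
        if (p) { id = substr($0, 1, p - 1); label = substr($0, p + 1) }
        gsub(/^[ \t]+|[ \t\r]+$/, "", id)
        gsub(/^[ \t]+|[ \t\r]+$/, "", label)
        if (id != "") printf "%s\t%s\n", id, label  # drop blank and comment-only lines
    }' "$1"
}

# audit_store DIR: print "FOLDER<TAB>RECIPIENT<TAB>LABEL" for each .gpg-id
# below DIR; "-" marks a recipient that nobody has documented.
audit_store() {
    root=${1%/}
    tab=$(printf '\t')
    find "$root" -type f -name .gpg-id | LC_ALL=C sort | while IFS= read -r f; do
        folder=${f%/.gpg-id}
        folder=${folder#"$root"}
        parse_gpg_id "$f" | while IFS=$tab read -r id label; do
            printf '%s\t%s\t%s\n' "${folder:-/}" "$id" "${label:--}"
        done
    done
}

# check_store DIR: exit status 1 if any recipient lacks a label (CI-friendly).
check_store() {
    audit_store "$1" | awk -F '\t' '$3 == "-" { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample store; the key IDs are the ones used in the thread.
demo_store() {
    d=$(mktemp -d) && mkdir -p "$d/web" &&
    printf 'CE29776A #Mike Selby\nAB42F9B2 #Joe Bloggs\n' > "$d/.gpg-id" &&
    printf '# image keys\n\nFAD0CB4B   #AWS web servers\nAB42F9B2\n' > "$d/web/.gpg-id" &&
    printf '%s\n' "$d"
}

store=$(demo_store)
audit_store "$store"
check_store "$store" || echo "unlabelled recipients found" >&2
rm -rf "$store"
```

Running `check_store` in CI or a pre-commit hook turns an undocumented recipient into a failed check before the store is re-encrypted to it.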