[pass] Using pass for Teams

Héctor Rivas Gándara keymon at gmail.com
Mon Sep 5 12:32:10 CEST 2016


Whenever I fork that repo for a team, I think about writing a script to
parameterise and generate the readme... But I never do :-D

It works on bash, it would be cool to have the same for zsh... But I don't
master it

On 5 Sep 2016 11:24, "Johannes Rudolph" <jojo.rudolph at googlemail.com> wrote:

> Wow, that seems really, really useful!
>
> I think we will opt for a flat-directory structure for now (e.g. encoding
> key/usernames like service-user and adding more metadata via the multiline
> trick as @btober suggested).
>
> I still would like to pose the question of sub-dir handling to the
> maintainers, e.g. I find it reasonable to assume that subdirs "inherit" the
> gpg id file from their parent dir if none is found (recursively).  Is that
> something you'd consider changing? I'd look into a PR, but my bash-skillz
> are seriously lacking.
>
> On Mon, Sep 5, 2016 at 12:02 PM, Héctor Rivas Gándara <keymon at gmail.com>
> wrote:
>
>> Hi,
>>
>> I use this project template for using pass with teams.
>> https://github.com/keymon/password-store-for-teams
>>
>> It has a script to allow having different aliases for different teams (eg
>> team1-pass in ~/.team1-pass)
>>
>> We each have one gpg key, but you need to reencrypt on changes.
>> Otherwise you can use a master key or so, shared with all members. But you
>> are right about reencrypt subdirs. Maybe you can do a script to run pass
>> init on each occurrence of .gpg-id
>>
>> About separated mail/pw, I tend to have 2x different files. In general,
>> each value is a file, because it's easier to script.
>>
>> On 4 Sep 2016 21:57, "Johannes Rudolph" <jojo.rudolph at googlemail.com>
>> wrote:
>>
>>> I'm evaluating the use of pass for our team with git. I'm not sure I
>>> understand some of the best-practices for using the tool so I wanted to ask
>>> for clarification:
>>>
>>> (1) adding pgp-id's
>>> when I add pgp-id's via pass init OLD NEW, pass does not reencrypt
>>> password files in subdirs (e.g. a/test) - even if those subdirs don't have
>>> their own .gpg-id file. I thought pass would automatically assume that the
>>> parent .pgp-id applies in this case? Am I doing this wrong?
>>>
>>> Same for remove. It works with passwords in the root directory
>>>
>>> (2) recording pw-metadata
>>> We sometimes have metadata for a password, e.g. username + email (the
>>> two being separate). If I only create the password file with username,
>>> where can I record the associated email address?
>>>
>>> (3) OS X autocompletion
>>> I installed via brew on OS X. install instructions on website are wrong
>>> (for me):
>>> *$ echo "source /usr/local/etc/bash_completion.d/password-store" >>
>>> ~/.bashrc*
>>> should be
>>> *$ echo "source /usr/local/etc/bash_completion.d/password-store" >>
>>> ~/.bash_profile*
>>>
>>> Hope this input is valuable for you as well, looking forward to some
>>> insight on 1 and 2. Thanks!
>>>
>>> Regards,
>>> Johannes
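The script suggested in the thread (run pass init on each occurrence of .gpg-id), together with the "inherit from the parent directory" lookup asked about, as an added example that is not part of the original messages or of pass itself. The function names and the PASS_CMD override are assumptions made for this sketch; `pass init -p subfolder gpg-id...` is the documented pass command.

```bash
#!/usr/bin/env bash
# Added example, not from the thread or from pass itself.
# Assumptions: one GPG id per line in each .gpg-id; PASS_CMD is a hypothetical
# override (default "pass") so a run can be previewed with PASS_CMD="echo pass".

# Print the .gpg-id that governs directory $2 of store $1: the nearest one
# found walking up to the store root (the "inherit from parent" rule).
effective_gpg_id() {
    local store="${1%/}" dir="${2%/}"
    case "$dir" in "$store"|"$store"/*) ;; *) return 1 ;; esac
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            printf '%s\n' "$dir/.gpg-id"
            return 0
        fi
        [ "$dir" = "$store" ] && return 1
        dir="${dir%/*}"
    done
}

# Run "pass init" once for every .gpg-id in the store, with the ids that
# file lists, so entries below it are re-encrypted to the current recipients.
reinit_all() {
    local store="${1%/}" idfile dir id
    find "$store" -path '*/.git' -prune -o -type f -name .gpg-id -print | sort |
    while IFS= read -r idfile; do
        dir="${idfile%/.gpg-id}"
        set --                                  # collect ids as arguments
        while IFS= read -r id || [ -n "$id" ]; do
            if [ -n "$id" ]; then set -- "$@" "$id"; fi
        done < "$idfile"
        if [ "$#" -eq 0 ]; then
            echo "skip (empty): $idfile" >&2
            continue
        fi
        if [ "$dir" != "$store" ]; then
            set -- -p "${dir#"$store"/}" "$@"   # subfolder relative to store
        fi
        PASSWORD_STORE_DIR="$store" ${PASS_CMD:-pass} init "$@" </dev/null
    done
}

# Usage: PASS_CMD="echo pass" bash reinit.sh ~/.team1-pass   (preview only)
if [ "$#" -gt 0 ]; then reinit_all "$1"; fi
```

Previewing with PASS_CMD="echo pass" before a real run shows which recipients each subfolder would be re-encrypted to, which is the point to review when a team member's key is removed.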