[pass] Using pass for Teams
David Adam
zanchey at ucc.gu.uwa.edu.au
Tue Sep 6 16:41:07 CEST 2016
On Sun, 4 Sep 2016, Johannes Rudolph wrote:
> I'm evaluating to use pass for our team with git. I'm not sure I understand
> some of the best-practices for using the tool so I wanted to ask for
> clarification:
>
> (1) adding pgp-id's
> when I add pgp-id's via pass init OLD NEW, pass does not reencrypt password
> files in subdirs (e.g. a/test) - even if those subdirs don't have their own
> .gpg-id file. I though pass would automatically assume to use the parent
> .pgp-id applies in this case? Am I doing this wrong?
>
> Same for remove. It works with passwords in the root directory
Hi Johannes,
I wrote a wrapper around pass for our team use, which handles a number of
additional tasks such as new user setup (key generation, shell integration
and GPG agent setup) and onboarding (having an already-authorised user
reload the entire store once new users are setup).
It makes a number of assumptions about the security model that we have -
in particular, we have a shared storage directory with group write
permissions - but it might be useful for you.
http://git.ucc.asn.au/?p=zanchey/uccpass.git;a=summary
David Adam
zanchey at ucc.gu.uwa.edu.au
More information about the Password-Store
mailing list