[pass] Using pass for Teams

David Adam zanchey at ucc.gu.uwa.edu.au
Tue Sep 6 16:41:07 CEST 2016


On Sun, 4 Sep 2016, Johannes Rudolph wrote:
> I'm evaluating whether to use pass for our team with git. I'm not sure I understand
> some of the best-practices for using the tool so I wanted to ask for
> clarification:
> 
> (1) adding pgp-id's
> when I add pgp-id's via pass init OLD NEW, pass does not reencrypt password
> files in subdirs (e.g. a/test) - even if those subdirs don't have their own
> .gpg-id file. I thought pass would automatically assume to use the parent
> .pgp-id applies in this case? Am I doing this wrong?
> 
> Same for remove. It works with passwords in the root directory

Hi Johannes,

I wrote a wrapper around pass for our team use, which handles a number of 
additional tasks such as new user setup (key generation, shell integration 
and GPG agent setup) and onboarding (having an already-authorised user 
reload the entire store once new users are set up).

It makes a number of assumptions about the security model that we have - 
in particular, we have a shared storage directory with group write 
permissions - but it might be useful for you.

http://git.ucc.asn.au/?p=zanchey/uccpass.git;a=summary

David Adam
zanchey at ucc.gu.uwa.edu.au

