Set up another PC to access pass's remote git repository
radon.neon at gmail.com
Mon Oct 16 06:42:01 CEST 2017
The way I've set it up, all of my passwords are random except for
three: my GitHub password, my SSH passphrase, and my GPG passphrase.
So when I set up a new machine, I clone my SSH keys from GitHub using
HTTPS; then I can clone any of my other repositories using SSH,
including my GPG keyring and my Pass repository. Finally, I can use my
GPG keyring to unlock any of my other passwords.
Certainly there are security implications to having my SSH and GPG
keys, as well as all my passwords, in private GitHub repositories.
However, I set up my security model under the assumption that if my
master passphrases are compromised then any other protection is just
security-through-obscurity. The idea is that an attacker would need to
get (machine access + GPG passphrase) or (GitHub password + GPG
passphrase) in order to compromise everything. Then it's a matter of
religiously using a dedicated pinentry program to enter the master GPG
passphrase, to avoid most attack vectors.
More information about the Password-Store