jean.rblt at gmail.com
Wed Apr 8 15:36:27 CEST 2020
If the specified gpg-id is different from the key used in any existing
files, these files will be reencrypted to use the new id.
This means that you cannot migrate specifically files encrypted with 1
GPG ID1 to another GPG ID2, right? Does this well mean that all files
encrypted with anything other than GPG ID2 will be re-encrypted to GPG
ID2? In this case, migrate would do a slightly different task?
On Wed, Apr 8, 2020 at 2:48 PM J Rt <jean.rblt at gmail.com> wrote:
> Oooh, sorry I missed this, my bad, and thank you for pointing to this
> :) . I think this is exactly what you said: a bit surprising this is
> done by the init command. Do you think it would be reasonable to write
> a 'thin wrapper' on the init command and call if for example migrate,
> with a very easy / rigid syntax, so that n00bs like me do not get
> confused and get confident about exactly what they do / how they
> migrate? :)
> On Wed, Apr 8, 2020 at 2:40 PM Artur Juraszek <artur at juraszek.xyz> wrote:
> > > My question is then: is there such a command allowing to perform the
> > > 'migrate' step without hazzle?
> > There is!
> > Surprisingly it's what 'pass init' can do, copy-pasting an excerpt from the manpage:
> > init [ --path=sub-folder, -p sub-folder ] gpg-id...
> > Initialize new password storage and use gpg-id for encryption. Multiple gpg-ids may
> > be specified, in order to encrypt each password with multiple ids. This command must
> > be run first before a password store can be used. If the specified gpg-id is differ-
> > ent from the key used in any existing files, these files will be reencrypted to use
> > the new id. Note that use of gpg-agent(1) is recommended so that the batch decryp-
> > tion does not require as much user intervention. If --path or -p is specified, along
> > with an argument, a specific gpg-id or set of gpg-ids is assigned for that specific
> > sub folder of the password store. If only one gpg-id is given, and it is an empty
> > string, then the current .gpg-id file for the specified sub-folder (or root if un-
> > specified) is removed.
> > --
> > Artur Juraszek
More information about the Password-Store