pass migrate

J Rt jean.rblt at
Wed Apr 8 15:36:27 CEST 2020

If the specified gpg-id is different from the key used in any existing
files, these files will be reencrypted to use the new id.

This means that you cannot migrate specifically files encrypted with 1
GPG ID1 to another GPG ID2, right? Does this well mean that all files
encrypted with anything other than GPG ID2 will be re-encrypted to GPG
ID2? In this case, migrate would do a slightly different task?

On Wed, Apr 8, 2020 at 2:48 PM J Rt <jean.rblt at> wrote:
> Oooh, sorry I missed this, my bad, and thank you for pointing to this
> :) . I think this is exactly what you said: a bit surprising this is
> done by the init command. Do you think it would be reasonable to write
> a 'thin wrapper' on the init command and call if for example migrate,
> with a very easy / rigid syntax, so that n00bs like me do not get
> confused and get confident about exactly what they do / how they
> migrate? :)
> On Wed, Apr 8, 2020 at 2:40 PM Artur Juraszek <artur at> wrote:
> >
> >
> > > My question is then: is there such a command allowing to perform the
> > > 'migrate' step without hazzle?
> >
> > There is!
> > Surprisingly it's what 'pass init' can do, copy-pasting an excerpt from the manpage:
> >
> >   init [ --path=sub-folder, -p sub-folder ] gpg-id...
> >          Initialize new password storage and use gpg-id for encryption. Multiple gpg-ids  may
> >          be specified, in order to encrypt each password with multiple ids. This command must
> >          be run first before a password store can be used. If the specified gpg-id is differ-
> >          ent  from the key used in any existing files, these files will be reencrypted to use
> >          the new id.  Note that use of gpg-agent(1) is recommended so that the batch  decryp-
> >          tion does not require as much user intervention. If --path or -p is specified, along
> >          with an argument, a specific gpg-id or set of gpg-ids is assigned for that  specific
> >          sub  folder  of  the password store. If only one gpg-id is given, and it is an empty
> >          string, then the current .gpg-id file for the specified sub-folder (or root  if  un-
> >          specified) is removed.
> >
> > --
> > Artur Juraszek

More information about the Password-Store mailing list