This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.
infrastructure/op_guide/secrets/README.md

72 lines
1.1 KiB
Markdown
Raw Normal View History

2022-04-19 11:45:54 +00:00
## init
generate a new password store named deuxfleurs for you:
```
pass init -p deuxfleurs you@example.com
```
add a password in this store, it will be encrypted with your gpg key:
```bash
pass generate deuxfleurs/backup_nextcloud 20
# or
pass insert deuxfleurs/backup_nextcloud
```
## add a teammate
edit `~/.password-store/acme/.gpg-id` and add the id of your friends:
```
alice@example.com
jane@example.com
bob@example.com
```
make sure that you trust the keys of your teammates:
```
$ gpg --edit-key jane@example.com
gpg> lsign
gpg> y
gpg> save
```
Now re-encrypt the secrets:
```
pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)
```
They will now be able to decrypt the password:
```
pass deuxfleurs/backup_nextcloud
```
## sharing with git
To create the repo:
```bash
cd ~/.password-store/deuxfleurs
git init
git add .
git commit -m "Initial commit"
# Set up remote
git push
```
To setup the repo:
```bash
cd ~/.password-store
git clone https://git.example.com/org/repo.git deuxfleurs
```
https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592