Add doc for secrets

2022-04-19 13:45:54 +02:00 · 2022-04-19 13:45:54 +02:00 · 501fbb5553
parent b2b26879cb
commit 501fbb5553
1 changed files with 71 additions and 0 deletions
--- a/op_guide/secrets/README.md
+++ b/op_guide/secrets/README.md
@ -0,0 +1,71 @@
+
+## init
+
+generate a new password store named deuxfleurs for you:
+
+```
+pass init -p deuxfleurs you@example.com
+```
+
+add a password in this store, it will be encrypted with your gpg key:
+
+```bash
+pass generate deuxfleurs/backup_nextcloud 20
+# or
+pass insert deuxfleurs/backup_nextcloud
+```
+
+## add a teammate
+
+edit `~/.password-store/acme/.gpg-id` and add the id of your friends:
+
+```
+alice@example.com
+jane@example.com
+bob@example.com
+```
+
+make sure that you trust the keys of your teammates:
+
+```
+$ gpg --edit-key jane@example.com
+gpg> lsign
+gpg> y
+gpg> save
+```
+
+Now re-encrypt the secrets:
+
+```
+pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)
+```
+
+They will now be able to decrypt the password:
+
+```
+pass deuxfleurs/backup_nextcloud
+```
+
+## sharing with git
+
+To create the repo:
+
+```bash
+cd ~/.password-store/deuxfleurs
+git init
+git add .
+git commit -m "Initial commit"
+# Set up remote
+git push
+```
+
+To setup the repo:
+
+```bash
+cd ~/.password-store
+git clone https://git.example.com/org/repo.git deuxfleurs
+```
+
+
+
+https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592