Update guide
parent
501fbb5553
commit
d62f87fa71
1 changed files with 88 additions and 1 deletions
|
@ -1,3 +1,90 @@
|
||||||
|
## you are new and want to access the secret repository
|
||||||
|
|
||||||
|
You need a GPG key to start with.
|
||||||
|
You can generate one with:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
gpg2 --expert --full-gen-key
|
||||||
|
# Personnaly I use `9) ECC and ECC`, `1) Curve 25519`, and `5y`
|
||||||
|
```
|
||||||
|
|
||||||
|
Now export your public key:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
gpg2 --export --armor <your email address>
|
||||||
|
```
|
||||||
|
|
||||||
|
You can upload it to Gitea, it will then be available publicly easily.
|
||||||
|
For example, you can access my key at this URL:
|
||||||
|
|
||||||
|
```
|
||||||
|
https://git.deuxfleurs.fr/quentin.gpg
|
||||||
|
```
|
||||||
|
|
||||||
|
You can import it to your keychain as follow:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
gpg2 --import <(curl https://git.deuxfleurs.fr/quentin.gpg)
|
||||||
|
gpg2 --list-keys
|
||||||
|
# pub ed25519/0xE9602264D639FF68 2022-04-19 [SC] [expire : 2027-04-18]
|
||||||
|
# Empreinte de la clef = 8023 E27D F1BB D52C 559B 054C E960 2264 D639 FF68
|
||||||
|
# uid [ ultime ] Quentin Dufour <quentin@deuxfleurs.fr>
|
||||||
|
# sub cv25519/0xA40574404FF72851 2022-04-19 [E] [expire : 2027-04-18]
|
||||||
|
```
|
||||||
|
|
||||||
|
How to read this snippet:
|
||||||
|
- the key id: `E9602264D639FF68`
|
||||||
|
- the key fingerprint: `8023 E27D F1BB D52C 559B 054C E960 2264 D639 FF68`
|
||||||
|
|
||||||
|
Now, you need to:
|
||||||
|
1. Inform all other sysadmins that you have published your key
|
||||||
|
2. Check that the key of other sysadmins is the correct one.
|
||||||
|
|
||||||
|
To perform the check, you need another communication channel (ideally physically, otherwise through the phone, Matrix if you already trusted the other person, etc.)
|
||||||
|
|
||||||
|
Once you trust someone, sign its key:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
gpg --edit-key email@example.com
|
||||||
|
# or
|
||||||
|
gpg --edit-key E9602264D639FF68
|
||||||
|
# gpg> lsign
|
||||||
|
# (say yes)
|
||||||
|
# gpg> save
|
||||||
|
```
|
||||||
|
|
||||||
|
Once you signed everybody, ask to a sysadmin to add your key to `<secrets>/.gpg-id` and then run:
|
||||||
|
|
||||||
|
```
|
||||||
|
pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)
|
||||||
|
cd ~/.password-store
|
||||||
|
git commit
|
||||||
|
git push
|
||||||
|
```
|
||||||
|
|
||||||
|
Now you are ready to install `pass`:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt-get install pass # Debian + Ubuntu
|
||||||
|
sudo yum install pass # Fedora + RHEL
|
||||||
|
sudo zypper in password-store # OpenSUSE
|
||||||
|
sudo emerge -av pass # Gentoo
|
||||||
|
sudo pacman -S pass # Arch Linux
|
||||||
|
brew install pass # macOS
|
||||||
|
pkg install password-store # FreeBSD
|
||||||
|
```
|
||||||
|
|
||||||
|
*Go to [passwordstore.org](https://www.passwordstore.org/) for more information about pass*.
|
||||||
|
|
||||||
|
And then check that everything work:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pass show deuxfleurs
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## init
|
## init
|
||||||
|
|
||||||
|
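Review bot: In the verification step ("Check that the key of other sysadmins is the correct one"), the guide never says what to compare, and the "How to read this snippet" list presents the short key id and the fingerprint side by side without saying which one counts. State explicitly that the full fingerprint shown by `gpg2 --list-keys` is what both people compare over the second channel before running `lsign`, because the key was downloaded from Gitea with `curl` and imported without any check. Separately, the `pass init -p deuxfleurs ...` block appears before "Now you are ready to install `pass`" and does not say who runs it; a newcomer cannot re-encrypt secrets they cannot yet decrypt, so the text should say that an existing sysadmin runs it, and the install section should move above it. Smaller points: the guide mixes `gpg2` and `gpg`, the `pass init` fence has no `bash` tag unlike the others, the sample `--list-keys` output is in a French locale while the guide is in English, and "Personnaly", "as follow" and "everything work" are typos.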
@ -66,6 +153,6 @@ cd ~/.password-store
|
||||||
git clone https://git.example.com/org/repo.git deuxfleurs
|
git clone https://git.example.com/org/repo.git deuxfleurs
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Ref
|
||||||
|
|
||||||
https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592
|
https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592
|
||||||
|
|