infrastructure/op_guide/secrets/README.md at 501fbb55533c5db5b5a74978505d08e339611150

Archived

This repository has been archived on 2023-03-15. You can view files and clone it, but cannot push or open issues or pull requests.

Quentin Dufour 501fbb5553

2022-04-19 13:46:12 +02:00

init

generate a new password store named deuxfleurs for you:

pass init -p deuxfleurs you@example.com

add a password in this store, it will be encrypted with your gpg key:

pass generate deuxfleurs/backup_nextcloud 20
# or
pass insert deuxfleurs/backup_nextcloud

edit ~/.password-store/acme/.gpg-id and add the id of your friends:

alice@example.com
jane@example.com
bob@example.com

make sure that you trust the keys of your teammates:

$ gpg --edit-key jane@example.com
gpg> lsign
gpg> y
gpg> save

Now re-encrypt the secrets:

pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)

They will now be able to decrypt the password:

pass deuxfleurs/backup_nextcloud

To create the repo:

cd ~/.password-store/deuxfleurs
git init
git add .
git commit -m "Initial commit"
# Set up remote
git push

To setup the repo:

cd ~/.password-store
git clone https://git.example.com/org/repo.git deuxfleurs