infrastructure/op_guide/secrets
2022-04-19 13:46:12 +02:00

init

Generate a new password store named deuxfleurs for yourself:

pass init -p deuxfleurs you@example.com

Add a password to this store; it will be encrypted with your GPG key:

pass generate deuxfleurs/backup_nextcloud 20
# or
pass insert deuxfleurs/backup_nextcloud

add a teammate

Edit ~/.password-store/deuxfleurs/.gpg-id and add the IDs of your teammates:

alice@example.com
jane@example.com
bob@example.com

Make sure that you trust the keys of your teammates:

$ gpg --edit-key jane@example.com
gpg> lsign
gpg> y
gpg> save

Now re-encrypt the secrets:

pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)

They will now be able to decrypt the password:

pass deuxfleurs/backup_nextcloud
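
To check that the re-encryption step above reached every secret, the following added example (not part of the original README) compares the encryption subkeys of the IDs in .gpg-id with the keys each .gpg file is actually encrypted to. The function names are hypothetical, and it assumes a single .gpg-id at the store root and that every teammate's public key is in your keyring.

```sh
#!/bin/sh
# Added example: audit which keys each secret in a pass store is encrypted to.
# Assumes one .gpg-id at the store root (sub-folder .gpg-id files are ignored).

# stdin: output of `gpg -v --list-only --decrypt FILE`; stdout: recipient key IDs.
packet_key_ids() {
    sed -nE 's/^gpg: public key is ([A-F0-9]+)$/\1/p' | LC_ALL=C sort -u
}

# stdin: output of `gpg --list-keys --with-colons`; stdout: IDs of encryption
# subkeys that are not invalid, disabled, revoked or expired.
encryption_subkey_ids() {
    awk -F: '$1 == "sub" && $2 !~ /^[idre]$/ && $12 ~ /e/ { print $5 }' |
        LC_ALL=C sort -u
}

# $1: expected key IDs, $2: key IDs found in the file (whitespace separated).
# Prints "ok", or one "missing:ID" / "extra:ID" token per mismatch.
compare_recipients() {
    result=""
    for id in $1; do
        printf '%s\n' $2 | grep -qxF "$id" || result="$result missing:$id"
    done
    for id in $2; do
        printf '%s\n' $1 | grep -qxF "$id" || result="$result extra:$id"
    done
    printf '%s\n' "${result:-ok}" | sed 's/^ //'
}

# $1: store directory, e.g. ~/.password-store/deuxfleurs. No private key is
# needed: --list-only reads the recipient packets without decrypting.
audit_store() {
    store=$1
    expected=$(gpg --list-keys --with-colons $(cat "$store/.gpg-id") |
        encryption_subkey_ids)
    find "$store" -name '*.gpg' | while IFS= read -r f; do
        actual=$(LC_ALL=C gpg -v --list-only --keyid-format long \
            --decrypt "$f" 2>&1 | packet_key_ids)
        printf '%s: %s\n' "${f#"$store"/}" \
            "$(compare_recipients "$expected" "$actual")"
    done
}

# Run as: sh audit.sh ~/.password-store/deuxfleurs
if [ "$#" -eq 1 ]; then audit_store "$1"; fi
```

A "missing" entry means a teammate listed in .gpg-id cannot decrypt that file yet; an "extra" entry means the file is still encrypted to a key that is no longer listed.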

sharing with git

To create the repo:

cd ~/.password-store/deuxfleurs
git init
git add .
git commit -m "Initial commit"
# Set up remote
git push

To set up the repo:

cd ~/.password-store
git clone https://git.example.com/org/repo.git deuxfleurs

https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592