forked from Deuxfleurs/infrastructure
Update guide
parent
501fbb5553
commit
d62f87fa71
1 changed files with 88 additions and 1 deletions
|
@ -1,3 +1,90 @@
|
|||
## you are new and want to access the secret repository
|
||||
|
||||
You need a GPG key to start with.
|
||||
You can generate one with:
|
||||
|
||||
```bash
|
||||
gpg2 --expert --full-gen-key
|
||||
# Personnaly I use `9) ECC and ECC`, `1) Curve 25519`, and `5y`
|
||||
```
|
||||
|
||||
Now export your public key:
|
||||
|
||||
```bash
|
||||
gpg2 --export --armor <your email address>
|
||||
```
|
||||
|
||||
You can upload it to Gitea, it will then be available publicly easily.
|
||||
For example, you can access my key at this URL:
|
||||
|
||||
```
|
||||
https://git.deuxfleurs.fr/quentin.gpg
|
||||
```
|
||||
|
||||
You can import it to your keychain as follow:
|
||||
|
||||
```bash
|
||||
gpg2 --import <(curl https://git.deuxfleurs.fr/quentin.gpg)
|
||||
gpg2 --list-keys
|
||||
# pub ed25519/0xE9602264D639FF68 2022-04-19 [SC] [expire : 2027-04-18]
|
||||
# Empreinte de la clef = 8023 E27D F1BB D52C 559B 054C E960 2264 D639 FF68
|
||||
# uid [ ultime ] Quentin Dufour <quentin@deuxfleurs.fr>
|
||||
# sub cv25519/0xA40574404FF72851 2022-04-19 [E] [expire : 2027-04-18]
|
||||
```
|
||||
|
||||
How to read this snippet:
|
||||
- the key id: `E9602264D639FF68`
|
||||
- the key fingerprint: `8023 E27D F1BB D52C 559B 054C E960 2264 D639 FF68`
|
||||
|
||||
Now, you need to:
|
||||
1. Inform all other sysadmins that you have published your key
|
||||
2. Check that the key of other sysadmins is the correct one.
|
||||
|
||||
To perform the check, you need another communication channel (ideally physically, otherwise through the phone, Matrix if you already trusted the other person, etc.)
|
||||
|
||||
Once you trust someone, sign its key:
|
||||
|
||||
```bash
|
||||
gpg --edit-key email@example.com
|
||||
# or
|
||||
gpg --edit-key E9602264D639FF68
|
||||
# gpg> lsign
|
||||
# (say yes)
|
||||
# gpg> save
|
||||
```
|
||||
|
||||
Once you signed everybody, ask to a sysadmin to add your key to `<secrets>/.gpg-id` and then run:
|
||||
|
||||
```
|
||||
pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)
|
||||
cd ~/.password-store
|
||||
git commit
|
||||
git push
|
||||
```
|
||||
|
||||
Now you are ready to install `pass`:
|
||||
|
||||
```bash
|
||||
sudo apt-get install pass # Debian + Ubuntu
|
||||
sudo yum install pass # Fedora + RHEL
|
||||
sudo zypper in password-store # OpenSUSE
|
||||
sudo emerge -av pass # Gentoo
|
||||
sudo pacman -S pass # Arch Linux
|
||||
brew install pass # macOS
|
||||
pkg install password-store # FreeBSD
|
||||
```
|
||||
|
||||
*Go to [passwordstore.org](https://www.passwordstore.org/) for more information about pass*.
|
||||
|
||||
And then check that everything work:
|
||||
|
||||
```bash
|
||||
pass show deuxfleurs
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
---
|
||||
|
||||
## init
|
||||
|
||||
|
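Review bot: The `pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)` block does not say who runs it, and it sits before both the "install `pass`" step and the clone in the `## init` section. `pass init` re-encrypts the existing entries for the listed keys, which requires being able to decrypt them, so it has to be run by a sysadmin who already has access, not by the newcomer. Suggest wording the sentence as "ask a sysadmin to add your key to `<secrets>/.gpg-id` and to run:" and moving the install and clone steps ahead of it. In the same block, `cd ~/.password-store` followed by `git commit` looks like it runs one directory above the repository, since the `## init` section clones into `~/.password-store/deuxfleurs`. Smaller points: step 2 of the list should say to compare the full fingerprint, not the key id, over the second channel; the guide switches between `gpg2` and `gpg`; the `pass init` fence lacks the `bash` tag the other fences carry; the `---` separator appears twice; and "Personnaly", "as follow" and "everything work" need correcting.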
@ -66,6 +153,6 @@ cd ~/.password-store
|
|||
git clone https://git.example.com/org/repo.git deuxfleurs
|
||||
```
|
||||
|
||||
|
||||
## Ref
|
||||
|
||||
https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592
|
||||
|
|