Pass: Difference between revisions

From DWIKI
(pass git shared)
 
(17 intermediate revisions by the same user not shown)
Line 2: Line 2:


=Links=
=Links=
*[http://www.tricksofthetrades.net/2015/07/04/notes-pass-unix-password-manager/ Notes on pass]
*[http://www.passwordstore.org/ Homepage]
*[http://www.passwordstore.org/ Homepage]
*[https://sig-io.nl/?p=399 Read passwords from the 'pass' passwordstore into ansible]
*http://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords
=Getting started=
pass init me@example.com
where me@example.com is the ID used for your gpg key


=Setting up a shared pass git repository=
=Setting up a shared pass git repository=
Line 19: Line 31:
  gpg --gen-key
  gpg --gen-key


and import pubkey of other user:
and import pubkey(s) of other user(s):
  gpg --import hisid
  gpg --import hisid


To make gpg use group, add to .gnupg/gpg.conf:
To make gpg use group, add to .gnupg/gpg.conf:
  group ourgroup yourid hisid
  group ourgroup yourid hisid
default-key <your key id> [[Gpg#What_is_my_key_ID.3F|?]]
Slightly less secure but very convenient:
ssh-keygen
and then add .ssh/id_rsa.pub to .ssh/authorized_keys on server


Then init pass:
Then init pass:
If you use groups:
  pass init ourgroup
  pass init ourgroup
  pass git init
  pass git init
  pass git add remote origin passuser@pass.example.com
  pass git remote add origin passuser@pass.example.com
pass git push --set-upstream origin master
  pass git push
  pass git push


Line 36: Line 60:
  pass git push
  pass git push


and on other system
pass git pull


On system of hisid you run the same pass init/git instructions, and then
 
  pass git pull
On another system you can clone then:
  git clone pass.example.com:pass-git .password-store
 
ACHTUNG any user who edits or adds keys needs the public keys of all group members!
 
==additional commands==
 
=Clients=
*[https://github.com/zeapo/Android-Password-Store/ Android client]
*https://qtpass.org/
*[https://github.com/mbos/Pass4Win Windows client]
 
{{ Category:security }}

Latest revision as of 15:10, 10 November 2016

Simple password manager using gpg

Links

Getting started

pass init me@example.com

where me@example.com is the ID used for your gpg key



Setting up a shared pass git repository

On server pass.example.com create user passuser Then as this user:

mkdir pass.git
git init --bare pass.git


On your workstation:

If you don't already have gpg key:

gpg --gen-key

and import pubkey(s) of other user(s):

gpg --import hisid

To make gpg use group, add to .gnupg/gpg.conf:

group ourgroup yourid hisid
default-key <your key id> ?

Slightly less secure but very convenient:

ssh-keygen

and then add .ssh/id_rsa.pub to .ssh/authorized_keys on server


Then init pass: If you use groups:

pass init ourgroup


pass git init
pass git remote add origin passuser@pass.example.com
pass git push --set-upstream origin master
pass git push


Now all it takes to add keys is:

pass add someserver/someaccount
pass git push

and on other system

pass git pull


On another system you can clone then:

git clone pass.example.com:pass-git .password-store

ACHTUNG any user who edits or adds keys needs the public keys of all group members!

additional commands

Clients

Security related stuff