author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-19 13:45:54 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-19 13:46:12 +0200 |
commit | 501fbb55533c5db5b5a74978505d08e339611150 (patch) | |
tree | 24d4c4a44c533b0c64b8ba8b34b5cedd0e9f62e1 | |
parent | b2b26879cb6b038fb3b1514ad3ca7c07d9273ee4 (diff) | |
Add doc for secrets
-rw-r--r-- | op_guide/secrets/README.md | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/op_guide/secrets/README.md b/op_guide/secrets/README.md new file mode 100644 index 0000000..7c9fd65 --- /dev/null +++ b/op_guide/secrets/README.md @@ -0,0 +1,71 @@ + +## init + +generate a new password store named deuxfleurs for you: + +``` +pass init -p deuxfleurs you@example.com +``` + +add a password in this store, it will be encrypted with your gpg key: + +```bash +pass generate deuxfleurs/backup_nextcloud 20 +# or +pass insert deuxfleurs/backup_nextcloud +``` + +## add a teammate + +edit `~/.password-store/acme/.gpg-id` and add the id of your friends: + +``` +alice@example.com +jane@example.com +bob@example.com +``` + +make sure that you trust the keys of your teammates: + +``` +$ gpg --edit-key jane@example.com +gpg> lsign +gpg> y +gpg> save +``` + +Now re-encrypt the secrets: + +``` +pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id) +``` + +They will now be able to decrypt the password: + +``` +pass deuxfleurs/backup_nextcloud +``` + +## sharing with git + +To create the repo: + +```bash +cd ~/.password-store/deuxfleurs +git init +git add . +git commit -m "Initial commit" +# Set up remote +git push +``` + +To setup the repo: + +```bash +cd ~/.password-store +git clone https://git.example.com/org/repo.git deuxfleurs +``` + + + +https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592 |
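Review bot: the "add a teammate" step tells the reader to edit `~/.password-store/acme/.gpg-id`, but every other path in this file uses the `deuxfleurs` store, and the re-encrypt command reads `~/.password-store/deuxfleurs/.gpg-id`. Followed literally, the new recipients land in a file that `pass init -p deuxfleurs $(cat ...)` never reads, so the secrets are re-encrypted to the old recipient list only; change `acme` to `deuxfleurs`. Two smaller points in the same hunk: the `lsign` step should say to compare the teammate's key fingerprint over a separate channel before signing, since the recipients are listed by e-mail address only; and in "sharing with git" the `# Set up remote` comment is followed by a bare `git push`, which has no remote to push to on a freshly initialised repository, so spell out the `git remote add` and the first push with an upstream.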