author Quentin Dufour <quentin@deuxfleurs.fr> 2022-04-19 13:45:54 +0200
committer Quentin Dufour <quentin@deuxfleurs.fr> 2022-04-19 13:46:12 +0200
commit 501fbb55533c5db5b5a74978505d08e339611150 (patch)
tree 24d4c4a44c533b0c64b8ba8b34b5cedd0e9f62e1 /op_guide
parent b2b26879cb6b038fb3b1514ad3ca7c07d9273ee4 (diff)
Add doc for secrets
Diffstat (limited to 'op_guide')
-rw-r--r-- op_guide/secrets/README.md 71
1 files changed, 71 insertions, 0 deletions
diff --git a/op_guide/secrets/README.md b/op_guide/secrets/README.md
new file mode 100644
index 0000000..7c9fd65
--- /dev/null
+++ b/op_guide/secrets/README.md
@@ -0,0 +1,71 @@
+
+## init
+
+generate a new password store named deuxfleurs for you:
+
+```
+pass init -p deuxfleurs you@example.com
+```
+
+add a password in this store, it will be encrypted with your gpg key:
+
+```bash
+pass generate deuxfleurs/backup_nextcloud 20
+# or
+pass insert deuxfleurs/backup_nextcloud
+```
+
+## add a teammate
+
+edit `~/.password-store/acme/.gpg-id` and add the id of your friends:
+
+```
+alice@example.com
+jane@example.com
+bob@example.com
+```
+
+make sure that you trust the keys of your teammates:
+
+```
+$ gpg --edit-key jane@example.com
+gpg> lsign
+gpg> y
+gpg> save
+```
+
+Now re-encrypt the secrets:
+
+```
+pass init -p deuxfleurs $(cat ~/.password-store/deuxfleurs/.gpg-id)
+```
+
+They will now be able to decrypt the password:
+
+```
+pass deuxfleurs/backup_nextcloud
+```
+
+## sharing with git
+
+To create the repo:
+
+```bash
+cd ~/.password-store/deuxfleurs
+git init
+git add .
+git commit -m "Initial commit"
+# Set up remote
+git push
+```
+
+To setup the repo:
+
+```bash
+cd ~/.password-store
+git clone https://git.example.com/org/repo.git deuxfleurs
+```
+
+
+
+https://medium.com/@davidpiegza/using-pass-in-a-team-1aa7adf36592
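Review bot: The "add a teammate" section tells the reader to edit `~/.password-store/acme/.gpg-id`, but every other command in this file uses the `deuxfleurs` store, and the re-encrypt step reads `~/.password-store/deuxfleurs/.gpg-id`, so following the steps as written edits a file that the later `pass init` never reads; `acme` should be `deuxfleurs`. In the same section, the `lsign` step goes straight to signing: it would help to say that the teammate's public key must already be in the local keyring and that its fingerprint should be compared with the teammate over a separate channel before `lsign`, since the next step re-encrypts the secrets so that key can decrypt them. Under "sharing with git", `# Set up remote` followed by a bare `git push` leaves the remote step unstated; naming the expected remote, or at least showing the `git remote add` line with a placeholder URL, would make the block usable as written. The trailing medium.com URL has no label, so a short "Reference:" prefix would tell readers why it is there.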