Hi Klaus,

On Sat, Jun 12, 2021 at 2:44 PM Klaus Ethgen <klaus+gn...@ethgen.ch> wrote:

> You can combine multiple pass repositories into one using, for example,
> git submodules. I used that over many years. Having a cron job that
> committed all submodules changes in the top pass git automatically.

Thank you so much for your suggestion! I will see if I can automate this somehow without putting my private key (currently on a yubikey) on machine =)
(If you - or anyone else - have got any tips/suggestions, I'm all ears)!

> In pass, you can have different keys for each subtree. See the man page
> for `pass init --path=sub-folder`.

This is indeed what "solves" my problem, but I fail to understand how I can utilize this.
Maybe I'm interpreting the keyword "init" wrongly, but I was hoping to avoid "hand-crafted" aliases/the like to reference different subdirectories/trees of passwords.

My `man pass init` says the following;

> init [ --path=sub-folder, -p sub-folder ] gpg-id...
> Initialize new password storage and use gpg-id for encryption. Multiple gpg-ids may be specified, in order to encrypt each password with multiple ids. This command must be run first before a password store can be used. If the specified gpg-id is different from the key used in any existing files, these files will be reencrypted to use the new id. (...) If --path or -p is specified, along with an argument, a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of the password store. (...)

My workflow so far has been:

1. `pass init <my public gpg key>`
2. Add secrets I want to unlock with pass with this specific key.
3. Use `pass git` to sync between clients.

So, in an attempt to clarify my confusion (nevermind the oxymoron that becomes); Are you supposed to `pass init --path <subfolder within $PASSWORD_STORE_DIR> <gpg key(s)>` within an already established PASSWORD_STORE_DIR?

Is this the missing link in my understanding? Something like this?

```
tree .password-store/
.password-store/
├── accountX
├── accountY
├── accountZ
├── ASSOCIATE_MY_SPECIFIED_GPG_ID(S)_FOR_ALL_ITEMS_HERE_ON_DOWNWARDS
├── work-teamA
│   └── ASSOCIATE_ABOVE_REFERENCED_GPG_ID(S)_AND_THOSE_OF_TEAM_A_FOR_ALL_ITEMS_HERE_ON_DOWNWARDS
└── work-teamB
    └── ASSOCIATE_ABOVE_REFERENCED_GPG_ID(S)_AND_THOSE_OF_TEAM_B_FOR_ALL_ITEMS_HERE_ON_DOWNWARDS
```

--
Med vennlig hilsen/Kind regards,
Christian Chavez
Phone/Tlf: +47 922 22 603
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
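
As an added example (not part of the original message and not pass's own code): pass takes the recipients for an entry from the nearest `.gpg-id` file at or above the entry's folder, which is the file `pass init --path=sub-folder` writes. The sketch below mimics that lookup on a constructed store; the function names, folder contents and e-mail addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mimics how pass chooses recipients for an entry by using
# the nearest .gpg-id file at or above the entry's folder.

# Print the path of the .gpg-id file that governs ENTRY ($2) inside STORE ($1).
gpg_id_file_for() {
    store=$1
    dir=$(dirname "$store/$2")
    # Walk upwards until a folder with its own .gpg-id is found,
    # stopping at the store root at the latest.
    while [ "$dir" != "$store" ] && [ ! -f "$dir/.gpg-id" ]; do
        dir=$(dirname "$dir")
    done
    printf '%s\n' "$dir/.gpg-id"
}

# Print the recipients for ENTRY ($2) in STORE ($1), space separated.
recipients_for() {
    f=$(gpg_id_file_for "$1" "$2")
    [ -f "$f" ] || { echo "no .gpg-id found; run pass init first" >&2; return 1; }
    grep -v '^[[:space:]]*$' "$f" | paste -s -d ' ' -
}

# Constructed store: the .gpg-id files that `pass init <key>` and
# `pass init --path=work-teamA <keys>` etc. would leave behind.
make_demo_store() {
    store=$(mktemp -d)
    mkdir -p "$store/work-teamA/db" "$store/work-teamB"
    printf '%s\n' 'me@example.org' > "$store/.gpg-id"
    printf '%s\n' 'me@example.org' 'alice@team-a.example' > "$store/work-teamA/.gpg-id"
    printf '%s\n' 'bob@team-b.example' > "$store/work-teamB/.gpg-id"
    printf '%s\n' "$store"
}

demo() {
    s=$(make_demo_store)
    for e in accountX work-teamA/db/prod work-teamB/vpn; do
        printf '%-20s -> %s\n' "$e" "$(recipients_for "$s" "$e")"
    done
    rm -rf "$s"
}
demo
```

The nearest file wins and is not merged with the parent's, so a team folder that the store owner should still be able to decrypt has to list the owner's key as well, as `work-teamA` does here and `work-teamB` does not.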