From a5a69bf7901f51d2f6a330414908d6f4de68deb5 Mon Sep 17 00:00:00 2001 From: Mario Alegre Date: Sun, 31 May 2020 18:19:29 -0500 Subject: [PATCH] added pass howto --- .../{acme.sh.md => acme-sh.md} | 0 linux/password-store/install.md | 103 ++++++++++++++++++ 2 files changed, 103 insertions(+) rename linux/letsencrypt-haproxy/{acme.sh.md => acme-sh.md} (100%) create mode 100644 linux/password-store/install.md diff --git a/linux/letsencrypt-haproxy/acme.sh.md b/linux/letsencrypt-haproxy/acme-sh.md similarity index 100% rename from linux/letsencrypt-haproxy/acme.sh.md rename to linux/letsencrypt-haproxy/acme-sh.md diff --git a/linux/password-store/install.md b/linux/password-store/install.md new file mode 100644 index 0000000..47a5a40 --- /dev/null +++ b/linux/password-store/install.md 
@@ -0,0 +1,103 @@ +# install and configure password-manager + +## First device + +### install + +install: +``` +apt install pass +``` + +### generate key + +This only needs to be done once. You will then put the key in the git repository so it can be used across different devices. First, we will generate a gpg key: +``` +gpg --full-generate-key +``` + +### initialize pass + +Then, we initialize `pass` with the key we generated, and create a git repository as well: +``` +pass init ${gpg-id:?} +pass git init +``` +The `Comment` field, if unique, can be used to identify your key instead of having to give the key's fingerprint, so make sure to choose one that is unique and easy to use. + +### add key + +Next, we add our remote to push to: +``` +pass git remote add origin ${remote_url:?} +``` +and sync with git: +``` +pass git push --set-upstream origin master +``` + +### export keys + +We will export our key to a directory in the repository, so we can use the key across different devices. +``` +cd .password-store/ +mkdir .keys +cd .keys/ +gpg --export --armor ${gpg-id:?} > pubkey.asc +gpg --export-secret-keys --armor ${gpg-id:?} > privkey.asc +``` +Add the keys to the repository and push: +``` +pass git add .keys +pass git commit -m "added keys to repo" +pass git push +``` +If you want, [set up auto-sync](#set-up-auto-sync) for your repository. + +## subsequent devices + +### install + +``` +apt install pass +``` + +### clone repo + +``` +git clone ${repo_url:?} +``` +move: +``` +mv ${repo_dir:?} .password-store +``` +set permissions: +``` +chmod og-rwx .password-store +``` + +### import keys + +``` +cd .password-store/.keys +gpg --import pubkey.asc +gpg --import privkey.asc +``` +Tell GPG you trust the key: +``` +gpg --edit-key ${key_id:?} trust quit +``` +Answer `5` to tell GPG you trust the key ultimately, then `y` to confirm. + +## Set Up Auto-sync + +We will set up a cron job to synchronize keys with the git server every 15 minutes. 
+ +Edit your crontab by running: +``` +crontab -e +``` +Add the job: +``` +*/15 * * * * pass git pull && pass git push +```
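Review bot: The "export keys" section of linux/password-store/install.md puts the secret key into the password repository itself (`gpg --export-secret-keys --armor ${gpg-id:?} > privkey.asc`, then `pass git add .keys` and `pass git push`), so the remote holds both the encrypted entries and the key that decrypts them. Anyone with read access to the remote then needs only the key's passphrase, if one was set. I would drop `privkey.asc` from the repository and have the howto move the secret key to each new device over a separate trusted channel, keeping at most `pubkey.asc` under `.keys`. The "import keys" section would need to change to match. Separately, `${gpg-id:?}` in the `pass init` and `gpg --export` lines is not a reference to a variable named `gpg-id`: the shell parses it as `${parameter-word}` with parameter `gpg`, so when `gpg` is unset the command receives the literal `id:?` instead of aborting. Using `${gpg_id:?}` would make it fail on an unset value like the other placeholders (`${remote_url:?}`, `${key_id:?}`).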