
2 changed files with 103 additions and 0 deletions
@ -0,0 +1,103 @@ |
|||||
|
# install and configure password-manager |
||||
|
|
||||
|
## First device |
||||
|
|
||||
|
### install |
||||
|
|
||||
|
install: |
||||
|
``` |
||||
|
apt install pass |
||||
|
``` |
||||
|
|
||||
|
### generate key |
||||
|
|
||||
|
This only needs to be done once. You will then put the key in the git repository so it can be used across different devices. First, we will generate a gpg key: |
||||
|
``` |
||||
|
gpg --full-generate-key |
||||
|
``` |
||||
|
|
||||
|
### initialize pass |
||||
|
|
||||
|
Then, we initialize `pass` with the key we generated, and create a git repository as well: |
||||
|
``` |
||||
|
pass init ${gpg-id:?} |
||||
|
pass git init |
||||
|
``` |
||||
|
The `Comment` field, if unique, can be used to identify your key instead of having to give the key's fingerprint, so make sure to choose one that is unique and easy to use. |
||||
|
|
||||
|
### add key |
||||
|
|
||||
|
Next, we add our remote to push to: |
||||
|
``` |
||||
|
pass git remote add origin ${remote_url:?} |
||||
|
``` |
||||
|
and sync with git: |
||||
|
``` |
||||
|
pass git push --set-upstream origin master |
||||
|
``` |
||||
|
|
||||
|
### export keys |
||||
|
|
||||
|
We will export our key to a directory in the repository, so we can use the key across different devices. |
||||
|
``` |
||||
|
cd .password-store/ |
||||
|
mkdir .keys |
||||
|
cd .keys/ |
||||
|
gpg --export --armor ${gpg-id:?} > pubkey.asc |
||||
|
gpg --export-secret-keys --armor ${gpg-id:?} > privkey.asc |
||||
|
``` |
||||
|
Add the keys to the repository and push: |
||||
|
``` |
||||
|
pass git add .keys |
||||
|
pass git commit -m "added keys to repo" |
||||
|
pass git push |
||||
|
``` |
||||
|
If you want, [set up auto-sync](#set-up-auto-sync) for your repository. |
||||
|
|
||||
|
## subsequent devices |
||||
|
|
||||
|
### install |
||||
|
|
||||
|
``` |
||||
|
apt install pass |
||||
|
``` |
||||
|
|
||||
|
### clone repo |
||||
|
|
||||
|
``` |
||||
|
git clone ${repo_url:?} |
||||
|
``` |
||||
|
move: |
||||
|
``` |
||||
|
mv ${repo_dir:?} .password-store |
||||
|
``` |
||||
|
set permissions: |
||||
|
``` |
||||
|
chmod og-rwx .password-store |
||||
|
``` |
||||
|
|
||||
|
### import keys |
||||
|
|
||||
|
``` |
||||
|
cd .password-store/.keys |
||||
|
gpg --import pubkey.asc |
||||
|
gpg --import privkey.asc |
||||
|
``` |
||||
|
Tell GPG you trust the key: |
||||
|
``` |
||||
|
gpg --edit-key ${key_id:?} trust quit |
||||
|
``` |
||||
|
Answer `5` to tell GPG you trust the key ultimately, then `y` to confirm. |
||||
|
|
||||
|
## Set Up Auto-sync |
||||
|
|
||||
|
We will set up a cron job to synchronize keys with the git server every 15 minutes. |
||||
|
|
||||
|
Edit your crontab by running: |
||||
|
``` |
||||
|
crontab -e |
||||
|
``` |
||||
|
Add the job: |
||||
|
``` |
||||
|
*/15 * * * * pass git pull && pass git push |
||||
|
``` |
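Review bot: In the "export keys" section, `gpg --export-secret-keys --armor ${gpg-id:?} > privkey.asc` followed by `pass git add .keys` commits the secret key to the same repository that holds the encrypted passwords. Anyone who can read the remote or any clone then has both the ciphertext and the key, and the key's passphrase, if one was set, is the only remaining protection. I would keep privkey.asc out of the repository, carry the secret key to each new device over a separate channel, and commit at most pubkey.asc under .keys. Separately, `${gpg-id:?}` does not fail on an unset value the way `${remote_url:?}` does: a hyphen is not valid in a shell variable name, so the shell parses it as the variable `gpg` with the default text `id:?`. Renaming it to `${gpg_id:?}` would match the other placeholders. Finally, the paragraph about the `Comment` field sits under "initialize pass" but describes a prompt from `gpg --full-generate-key`, so it belongs under "generate key".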