# install and configure password-manager

## First device

### install

install:
```
apt install pass
```

### generate key

This only needs to be done once. You will then put the key in the git repository so it can be used across different devices. First, we will generate a gpg key:
```
gpg --full-generate-key
```

### initialize pass

Then, we initialize `pass` with the key we generated, and create a git repository as well:
```
pass init ${gpg-id:?}
pass git init
```
The `Comment` field, if unique, can be used to identify your key instead of having to give the key's fingerprint, so make sure to choose one that is unique and easy to use.

### add key

Next, we add our remote to push to:
```
pass git remote add origin ${remote_url:?}
```
and sync with git:
```
pass git push --set-upstream origin master
```

### export keys

We will export our key to a directory in the repository, so we can use the key across different devices.
```
cd .password-store/
mkdir .keys
cd .keys/
gpg --export --armor ${gpg-id:?} > pubkey.asc
gpg --export-secret-keys --armor ${gpg-id:?} > privkey.asc
```
Add the keys to the repository and push:
```
pass git add .keys
pass git commit -m "added keys to repo"
pass git push
```
If you want, [set up auto-sync](#set-up-auto-sync) for your repository.

## subsequent devices

### install

```
apt install pass
```

### clone repo

```
git clone ${repo_url:?}
```
move:
```
mv ${repo_dir:?} .password-store
```
set permissions:
```
chmod og-rwx .password-store
```

### import keys

```
cd .password-store/.keys
gpg --import pubkey.asc
gpg --import privkey.asc
```
Tell GPG you trust the key:
```
gpg --edit-key ${key_id:?} trust quit
```
Answer `5` to tell GPG you trust the key ultimately, then `y` to confirm.

## Set Up Auto-sync

We will set up a cron job to synchronize keys with the git server every 15 minutes.

Edit your crontab by running:
```
crontab -e
```
Add the job:
```
*/15 * *   *   *     pass git pull && pass git push
```