How to set up/manage services on a computer

install and configure password-manager

First device

install

install:

apt install pass

generate key

This only needs to be done once. You will then put the key in the git repository so it can be used across different devices. First, we will generate a gpg key:

gpg --full-generate-key

initialize pass

Then, we initialize pass with the key we generated, and create a git repository as well:

pass init "${gpg_id:?}"
pass git init

During key generation, gpg asks for a Comment. If the Comment is unique, it can be used to identify your key instead of the key's fingerprint, so choose one that is unique and easy to type.

add remote

Next, we add our remote to push to:

pass git remote add origin ${remote_url:?}

and sync with git:

pass git push --set-upstream origin master

export keys

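We will export our key to a directory in the repository, so we can use the key across different devices. The exported secret key remains encrypted with the passphrase chosen during key generation (if one was set), and that passphrase is the only thing protecting it from anyone who can read the repository.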

cd .password-store/
mkdir .keys
cd .keys/
gpg --export --armor "${gpg_id:?}" > pubkey.asc
gpg --export-secret-keys --armor "${gpg_id:?}" > privkey.asc

Add the keys to the repository and push:

pass git add .keys
pass git commit -m "added keys to repo"
pass git push

If you want, set up auto-sync for your repository.

subsequent devices

install

apt install pass

clone repo

git clone ${repo_url:?}

move:

mv ${repo_dir:?} .password-store

set permissions:

chmod og-rwx .password-store

import keys

cd .password-store/.keys
gpg --import pubkey.asc
gpg --import privkey.asc

Tell GPG you trust the key:

gpg --edit-key "${key_id:?}" trust quit

Answer 5 to tell GPG you trust the key ultimately, then y to confirm.
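
Before answering 5, the imported key can be compared with the full fingerprint noted on the first device. The script below is an added example, not part of the original instructions; the function names and the sample listing with its fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare an imported key with the fingerprint noted on the
# first device before running `gpg --edit-key ... trust`.

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# The "fpr" record after "pub"/"sec" is the primary key; after "sub"/"ssb"
# it is a subkey and is skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" || $1 == "sec" { want = 1; next }
        $1 == "sub" || $1 == "ssb" { want = 0; next }
        $1 == "fpr" && want        { print toupper($10); want = 0 }
    '
}

# Strip whitespace and upper-case the hex digits of a typed fingerprint.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'; }

# key_matches EXPECTED < colon-listing
# 0 = primary key matches, 1 = no match, 2 = EXPECTED is not a full
# 40-hex-digit fingerprint (short key IDs are rejected, not compared).
key_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    primary_fingerprints | grep -qxF "$expected"
}

# Constructed sample of `gpg --with-colons --fingerprint` output (not a real key).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:7777888899990000:1700000000:::-:::scESC::::::23::0:
fpr:::::::::1111222233334444555566667777888899990000:
uid:-::::1700000000::0000000000000000000000000000000000000000::Example User (pass-store) <user@example.invalid>::::::::::0:
sub:-:4096:1:0000111122223333:1700000000::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
EOF
}

# Demo on the sample; on a real device pipe in:
#   gpg --with-colons --fingerprint "${key_id:?}"
if sample_listing | key_matches "1111 2222 3333 4444 5555  6666 7777 8888 9999 0000"; then
    echo "fingerprint matches the recorded value"
else
    echo "fingerprint mismatch, do not trust this key" >&2
fi
```
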

Set Up Auto-sync

We will set up a cron job to synchronize keys with the git server every 15 minutes.

Edit your crontab by running:

crontab -e

Add the job:

*/15 * * * * pass git pull && pass git push