infra:hackerpass
Differences
This shows you the differences between two versions of the page.
| infra:hackerpass [2024/03/23 17:45] – created kfh | infra:hackerpass [2024/03/23 18:00] (current) – kfh | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | How to hackerpass | + | ====== |
| + | pass is the secret sharing infra we use at hackeriet. It's low effort, and every write becomes a commit. Since hackerpass is on a private repo, the README.md file from that repo is pasted below so others can benefit from the docs. | ||
| + | The name hackerpass is something someone chose at one time to separate from pass. Feel free to name your own non-hackeriet shared pass repo pinkfluffyunicornpass or something to avoid confusion. 🦄 | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Getting started ===== | ||
| + | |||
| + | You'll need a GPG key for this. Send your public key to someone who already has access to follow " | ||
| + | |||
| + | First install pass, then clone this repository into ~/ | ||
| + | |||
| + | |||
| + | < | ||
| + | git clone git@github.com: | ||
| + | </ | ||
| + | |||
| + | Then add the following alias to your .bashrc: | ||
| + | |||
| + | < | ||
| + | alias hackerpass=' | ||
| + | </ | ||
| + | |||
| + | And import the gpg keys: | ||
| + | |||
| + | < | ||
| + | for i in $(< | ||
| + | </ | ||
| + | |||
| + | To update the password database from this repo type: | ||
| + | |||
| + | < | ||
| + | hackerpass git pull | ||
| + | </ | ||
| + | |||
| + | ===== Addding a password ===== | ||
| + | |||
| + | Beware this repository leaks file name information to everyone with access to the repo. Generally use the FQDN as a file name unless it reveals something it should not. | ||
| + | |||
| + | < | ||
| + | hackerpass generate that-place-i-put-that-thing-one-time.com 28 | ||
| + | </ | ||
| + | |||
| + | Then remember to push the new password: | ||
| + | |||
| + | < | ||
| + | hackerpass git push | ||
| + | </ | ||
| + | |||
| + | ===== Adding a new user ===== | ||
| + | |||
| + | After you have the new users' PGP key in your keyring, reencrypt the whole repository adding the new key: | ||
| + | |||
| + | < | ||
| + | hackerpass init $(< | ||
| + | </ | ||
| + | |||
| + | And then push it: | ||
| + | |||
| + | < | ||
| + | hackerpass git push | ||
| + | </ | ||
| + | |||
| + | If you get the error message | ||
| + | |||
| + | < | ||
| + | gpg: <PGP key signature>: | ||
| + | gpg: [stdin]: encryption failed: Unusable public key | ||
| + | </ | ||
| + | |||
| + | then do: | ||
| + | |||
| + | < | ||
| + | gpg --lsign-key <PGP key signature> | ||
| + | </ | ||
| + | |||
| + | or if you don't have your certification key available, you can set the tofu policy for the keys: | ||
| + | |||
| + | < | ||
| + | gpg --tofu-policy good $(cat .hackeriet_pass/ | ||
| + | </ | ||
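Review bot: Under "Adding a new user", both remedies for the "Unusable public key" error (`gpg --lsign-key <PGP key signature>` and `gpg --tofu-policy good ...`) mark the new key as valid without any step that confirms it belongs to the person it claims to. "Getting started" has newcomers sending their public key to someone with access, and the next command re-encrypts the whole repository to that key. Please add a line before these commands telling the reader to compare the full fingerprint with the key owner over a separate channel. Three smaller points: `<PGP key signature>` should probably read key ID or fingerprint, since that is what the command takes. The heading "Addding a password" has a typo. There is also no section on removing a user; because every write becomes a commit, entries encrypted to the old key set stay in the git history, so that section should say the affected passwords need to be rotated rather than only re-encrypted.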
/srv/hackeriet-wiki/dokuwiki/data/attic/infra/hackerpass.1711215934.txt.gz · Last modified: by kfh