SailingCactus33 | 3 years ago

I consider the flexibility of pass(1) to be one of the best features. In my case, I use a hierarchy to manage secrets across different orgs and classifications. The structure I use is: [ORGANIZATION]/[CLASSIFICATION]/[SITE|APP]/[USER]

e.g.:
Personal/Confidential/google.com/pjungwir@gmail.com
Client1/Secret/google.com/pjungwir@example.com

The folder structure allows for different keys to be used in .gpg-id files, so secret access can be limited on different devices based on which keys are available. For example, only a subset of keys is available on my Android phone via the Password Store app from F-Droid, with all devices using a shared password-store synced using git(1).

Completion with bash works well (on Fedora), and following the convention of having the password on the first line allows for the Android app to work, and you don't need to worry about someone looking over your shoulder by using 'pass -c ...'.

pjungwir | 3 years ago

This sounds like a very nice system, and I'll give it a try. I'm already using git to keep things synced between my desktop and my laptop. I've never even attempted syncing to my phone, but if I do that, giving access to only a subset of the keys sounds great.
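
An added example, not written by either commenter and not part of pass itself: a small audit of the per-folder .gpg-id scheme described in the first comment, listing which entries a device holding a given set of keys is meant to decrypt. The helper names, the key ids DESKTOPKEY and PHONEKEY and the sample store are constructed; it assumes .gpg-id lines match the key ids exactly and that entries were encrypted to the recipients their folder lists.

```shell
#!/bin/sh
# Print the .gpg-id file that governs an entry: the nearest one found while
# walking up from the entry's folder to the store root, which is how pass(1)
# chooses recipients. $1 = store root (no trailing slash), $2 = relative entry.
gpg_id_for() {
    dir=$(dirname "$1/$2")
    while [ "$dir" != "$1" ] && [ "$dir" != "/" ] && [ ! -f "$dir/.gpg-id" ]; do
        dir=$(dirname "$dir")
    done
    [ -f "$dir/.gpg-id" ] && printf '%s\n' "$dir/.gpg-id"
}

# List entries (sorted, relative paths) whose governing .gpg-id names at least
# one of the given key ids. $1 = store root, remaining arguments = key ids.
readable_entries() {
    store=$1; shift
    (cd "$store" && find . -name '*.gpg' -type f | sed 's|^\./||' | sort) |
    while IFS= read -r entry; do
        idfile=$(gpg_id_for "$store" "$entry") || continue
        for key in "$@"; do
            if grep -qxF -- "$key" "$idfile"; then
                printf '%s\n' "$entry"
                break
            fi
        done
    done
}

# Constructed sample store: empty placeholder entries, hypothetical key ids.
make_sample_store() {
    s=$(mktemp -d)
    mkdir -p "$s/Personal/Confidential/google.com" "$s/Client1/Secret/google.com"
    echo DESKTOPKEY > "$s/.gpg-id"                           # store default
    printf 'DESKTOPKEY\nPHONEKEY\n' > "$s/Personal/.gpg-id"  # phone allowed here
    : > "$s/Personal/Confidential/google.com/pjungwir@gmail.com.gpg"
    : > "$s/Client1/Secret/google.com/pjungwir@example.com.gpg"
    printf '%s\n' "$s"
}
```

Run `readable_entries ~/.password-store <key id>...` with the key ids present on a device before syncing the store to it. A subfolder's recipients are set with `pass init -p <subfolder> <gpg-id>...`, which also re-encrypts the entries under it.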