[SAC] password store

Sandro Santilli strk at kbt.io
Wed Mar 16 03:29:10 PDT 2022


Hi all, I've been thinking about replacing our manually crafted
solution for sharing OSGeo secrets with a standard tool based
on GPG: https://www.passwordstore.org

The "passwordstore" tool comes as a Unix command-line tool (pass)
distributed on pretty much all standard free u*x systems.

The idea is to replace the "access" directory we currently
have on the "secure" host with a "password store" directory.
The change would be that the files would be stored encrypted
rather than in plain-text, and so all SAC members would need
to provide a GPG key to use for such encryption.

Internally, the encryption will be done using a symmetric key
and the symmetric key itself will be encrypted multiple times
with the key of each SAC member. I've tested this with Jurgen
and it seems to work pretty smoothly.

Such a "password store" could then be distributed in a git
repository, which I've started here:

    https://git.osgeo.org/gitea/sac/password-store

The repository is also "private" so you need to be a SAC member
to access it. If you like the idea, please provide your GPG
public key, maybe filing an issue on the above repository,
and start experimenting with it.

Thanks

--strk; 
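
The message above says each secret is encrypted with a symmetric key that is itself encrypted once per SAC member. The script below is an added example, not part of the original post or of the pass tool. It reads the packet listing that `gpg --list-only --list-packets entry.gpg` prints and checks which keys hold a copy of that symmetric key. The key IDs, the sample listing and the function names are constructed for illustration.

```sh
#!/bin/sh
# Each ":pubkey enc packet:" line in the listing is one copy of the symmetric
# session key, wrapped for one recipient. The keyid shown is the recipient's
# encryption subkey, so the expected list must hold encryption-subkey long IDs.

# Constructed sample listing (key IDs are made up).
SAMPLE_PACKETS=':pubkey enc packet: version 3, algo 1, keyid AAAA111122223333
    data: [2046 bits]
:pubkey enc packet: version 3, algo 1, keyid BBBB444455556666
    data: [2047 bits]
:encrypted data packet:
    length: 78
    mdc_method: 2'

# Print the key IDs the session key was encrypted to, one per line, sorted.
packet_recipients() {
    printf '%s\n' "$1" |
        sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# Print every ID of list $1 that is absent from list $2, prefixed with label $3.
only_in() {
    for id in $1; do
        case " $2 " in
            *" $id "*) ;;
            *) printf '%s %s\n' "$3" "$id" ;;
        esac
    done
}

# audit_recipients "<listing>" "<expected key IDs, whitespace separated>"
# MISSING = an expected member cannot decrypt the entry.
# EXTRA   = a key can decrypt it but is not expected (for example a departed
#           member whose copy was never dropped by re-encrypting).
# Returns 1 when anything is reported.
audit_recipients() {
    actual=$(packet_recipients "$1" | tr '\n' ' ')
    expected=$(printf '%s\n' $2 | tr 'a-f' 'A-F' | sort -u | tr '\n' ' ')
    findings=$(only_in "$expected" "$actual" MISSING
               only_in "$actual" "$expected" EXTRA)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

audit_recipients "$SAMPLE_PACKETS" "AAAA111122223333 BBBB444455556666" &&
    echo "recipients match"
```

An EXTRA finding also means that key could decrypt every earlier revision of the entry kept in the git history, so the secret itself needs rotating, not only re-encrypting.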

