[SAC] password store

Regina Obe lr at pcorp.us
Wed Mar 16 11:45:58 PDT 2022


> The "passwordstore" tool comes as a unix commandline (pass) distributed
> pretty much on all standard free u*x systems.
> 
> The idea is to replace the "access" directory we currently have on the
> "secure" host with a "password store" directory.
> The change would be that the files would be stored encrypted rather than in
> plain-text, and so all SAC members would need to provide a GPG key to use
> for such encryption.
> 
> Internally, the encryption will be done using a symmetric key and the
> symmetric key itself will be encrypted multiple times with the key of each
> SAC member. I've tested this with Jurgen and it seems to work pretty
> smoothly.
> 
> Such "password store" could then be distributed in a git repository, which
> I've started here:
> 
>     https://git.osgeo.org/gitea/sac/password-store
> 
> The repository is also "private" so you need to be a SAC member to access it.
> If you like the idea, please provide your GPG public key, maybe filing an issue
> on the above repository, and start experimenting with it.
> 
> Thanks
> 
> --strk;
[Regina Obe] 

I like the idea. Just a couple of questions/concerns.

1) The access folder contains more than just passwords, it also contains
things like URLs and such where one would log in to use those passwords.
Would the idea be we'd always have these in wiki?

I like that information being close to the passwords though as it's easier
to reconcile.
I read the convention is to store these kinds of things in a hierarchy, but
given that the hierarchy can't easily handle cases such as a password used
in multiple locations, I think a file detailing locations where this is used
is still needed.

2) The GPG setup. So just thinking through the management of this.

SAC person comes -- we add their GPG

SAC person leaves - we remove their GPG?

Is that how it works or am I missing something?

Thanks,
Regina
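
For the join/leave bookkeeping asked about in point 2, an added example (not part of this message or of the pass tool): a shell check that compares the key IDs a store file is actually encrypted to against the current member list. The key IDs and the sample `gpg --list-packets` output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Key IDs below are constructed.
# Real input would come from:  gpg --list-packets some-entry.gpg
# Note: the IDs gpg prints are encryption *subkey* IDs, so the allowed
# list passed in must hold each member's encryption subkey ID (assumption).

# Print the key IDs a message's session key is encrypted to (stdin =
# `gpg --list-packets` output), upper-cased, sorted, de-duplicated.
recipients_of() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]\{16\}\).*$/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# audit_recipients ALLOWED_ID...   (stdin = `gpg --list-packets` output)
# STALE   = can still decrypt but is no longer on the member list
# MISSING = on the member list but the file was never re-encrypted to them
# Returns non-zero when the file and the list disagree.
audit_recipients() {
    allowed=$(printf '%s\n' "$@" | tr 'a-f' 'A-F' | sort -u)
    actual=$(recipients_of)
    status=0
    for id in $actual; do
        printf '%s\n' "$allowed" | grep -qxF "$id" || { echo "STALE $id"; status=1; }
    done
    for id in $allowed; do
        printf '%s\n' "$actual" | grep -qxF "$id" || { echo "MISSING $id"; status=1; }
    done
    return $status
}

# Constructed sample: one file encrypted to two members.
SAMPLE=':pubkey enc packet: version 3, algo 1, keyid 1111AAAA2222BBBB
    data: [4096 bits]
:pubkey enc packet: version 3, algo 1, keyid 3333CCCC4444DDDD
    data: [4095 bits]
:encrypted data packet:
    length: unknown
    mdc_method: 2'

# Member 3333... has left and 5555... has joined, but nobody re-encrypted.
printf '%s\n' "$SAMPLE" | audit_recipients 1111aaaa2222bbbb 5555EEEE6666FFFF || true
```

Dropping a key only affects files re-encrypted afterwards; anything a departed member could already decrypt, including older revisions in the git history, should have its password rotated.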




