[SAC] password store
Sandro Santilli
strk at kbt.io
Wed Mar 16 11:56:28 PDT 2022
On Wed, Mar 16, 2022 at 02:45:58PM -0400, Regina Obe wrote:
> >
> > https://git.osgeo.org/gitea/sac/password-store
> I like the idea. Just a couple of questions/ concerns.
>
> 1) The access folder contains more than just passwords, it also contains
> things like urls and such where one would log into to use those passwords
> Would the idea be we'd always have these in wiki.
The pass tool supports this, see the "Data Organization" section
on https://www.passwordstore.org/ - we can put it in the same file
with the password
> 2) The GPG setup. So just thinking thru the management of this.
>
> SAC person comes -- we add their GPG
> SAC person leaves - we remove their GPG?
>
> Is that how it works or am I missing something.
More or less, yes..
Of course upon "SAC person leaves" all the existing passwords
will need to be considered "leaked" (to the leaving person)
so eventually need to be recreated.
On a technical detail, when we remove their GPG I believe we
also need to "rekey" (re-encrypt) the all the files, although
it's kind of a moot point until the passwords are changed.
--strk;
More information about the Sac
mailing list