[SAC] password store

Regina Obe lr at pcorp.us
Wed Mar 16 13:03:47 PDT 2022


> The pass tool supports this, see the "Data Organization" section on
> https://www.passwordstore.org/ - we can put it in the same file with the
> password
> 
> > 2) The GPG setup.  So just thinking thru the management of this.
> >
> > SAC person comes -- we add their GPG
> > SAC person leaves - we remove their GPG?
> >
> > Is that how it works or am I missing something?
> 
> More or less, yes..
> 
> Of course upon "SAC person leaves" all the existing passwords will need to
> be considered "leaked" (to the leaving person) so eventually need to be
> recreated.
> 
> On a technical detail, when we remove their GPG I believe we also need to
> "rekey" (re-encrypt) all the files, although it's kind of a moot point until
> the passwords are changed.
> 
> --strk;
[Regina Obe] 

I guess it would be more common for gpg keys to change.

1) So in the case say - hey a gpg expires and is not renewed, what happens?
Do we need to do anything?
2) In the case where someone for whatever reason decides they want to use a new
gpg key.
In that case we just remove, right? We don't need to reset all the passwords,
just re-encrypt the files?


