Secret Pass
Central Collection Point
To store the access data with the use of Git on a central host on the local network, the VCS must be installed there. If you use a preconfigured network-attached storage (NAS), look for the software in the NAS's package manager. One alternative is the use of an energy-saving Raspberry Pi for this task. With a minimal system, for example based on Raspbian Lite, you have an ideal computer as a remote station.
The host should preferably support login via Secure Shell. A separate article in this issue explains how to set up such a login and then configure SSH so that it suits your daily work schedule as effectively as possible.
In the following example, I assume you are running a Raspberry Pi as a NAS on the local network with hostname storage
. Now create the repository in the home directory of user pi. To do this, switch to the host (e.g., by SSH) and create a new repository first. The first command from Listing 2 creates a simple directory, and the second then initializes the repository.
Listing 2
Creating a Repository
$ mkdir -p repos/password-store $ git --bare init repos/password-store
Use the --bare
option to tell Git that this is not a working directory, but one where you can add commits or retrieve changes. This setup has the practical effect that the files that Git needs for administration are located directly in the folder, instead of in a hidden .git
directory below it.
To use the new central repository in the password manager, first make sure that the data in .password-store/
is under Git's control. You do this by typing pass git init
in a terminal. The VCS outputs the typical status messages.
The structure of the commands is basically always the same: You use Git's regular syntax but always prefix it with the program name pass
. This allows you to take full advantage of Git's features without much more configuration (see the "Tip" box).
Once you have initialized the local repository, add a remote repository with which you can exchange data. You do this with the commands from Listing 3.
Listing 3
Adding a Remote Repository
$ pass git init $ pass git remote add origin pi@storage:repos/password-store $ pass git push
When adding an external repository, first assign a name (origin
in the example) and append the appropriate URL to it. You can freely assign the name; origin
has just established itself as a convention. Finally, use the last command from Listing 3 to synchronize the remote target with the dataset from the local repository.
If you have also placed the local files on other computers under Git's control, you just need to configure the central computer as a host to integrate the respective files, as well.
If you want to retrieve the data from the central computer, simply type pass git pull
. You will then find the same encrypted files on the host in question as on the central computer. In other words, if you want to work with files from different computers, this system makes synchronization easy. However, it remains your responsibility to keep the GnuPG keys consistent across all hosts.
Conclusions
The Pass password manager lets you store as many different passwords as you like for different accounts, and you'll still only need one password to decrypt them all. Although the technology behind Pass is relatively simple – after all, it's just a shell script – the combination of mature components adds to the overall effect.
Git lets you synchronize different hosts via a shared repository: It should go without saying that a public repository is not suitable for storing passwords.
TIP
Make sure you don't forget the git
parameter; otherwise, Pass will attempt to reinitialize the password memory.
Infos
- Pass: https://www.passwordstore.org
- GnuPG: https://www.gnupg.org/gph/en/manual/book1.html
- "Unison: Data transfer" by Erik Bärwaldt, Ubuntu User, issue 8, 2011, p. 64
- Git: http://http//www.git-scm.org
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs