Secret Pass
Central Collection Point
To store the access data with the use of Git on a central host on the local network, the VCS must be installed there. If you use a preconfigured network-attached storage (NAS), look for the software in the NAS's package manager. One alternative is the use of an energy-saving Raspberry Pi for this task. With a minimal system, for example based on Raspbian Lite, you have an ideal computer as a remote station.
The host should preferably support login via Secure Shell. A separate article in this issue explains how to set up such a login and then configure SSH so that it suits your daily work schedule as effectively as possible.
In the following example, I assume you are running a Raspberry Pi as a NAS on the local network with hostname storage. Now create the repository in the home directory of user pi. To do this, switch to the host (e.g., by SSH) and create a new repository first. The first command from Listing 2 creates a simple directory, and the second then initializes the repository.
Listing 2
Creating a Repository
$ mkdir -p repos/password-store
$ git --bare init repos/password-store
Use the --bare option to tell Git that this is not a working directory but a repository to which you push commits and from which you retrieve changes. This setup has the practical effect that the files that Git needs for administration are located directly in the folder, instead of in a hidden .git directory below it.
To use the new central repository in the password manager, first make sure that the data in .password-store/ is under Git's control. You do this by typing pass git init in a terminal. The VCS outputs the typical status messages.
The structure of the commands is basically always the same: You use Git's regular syntax but always prefix it with the program name pass. This allows you to take full advantage of Git's features without much more configuration (see the "Tip" box).
Once you have initialized the local repository, add a remote repository with which you can exchange data. You do this with the commands from Listing 3.
Listing 3
Adding a Remote Repository
$ pass git init
$ pass git remote add origin pi@storage:repos/password-store
$ pass git push -u --all   # first push: -u sets the upstream so a plain "pass git push" works later
When adding an external repository, first assign a name (origin in the example) and append the appropriate URL to it. You can freely assign the name; origin has just established itself as a convention. Finally, use the last command from Listing 3 to synchronize the remote target with the dataset from the local repository.
If you have also placed the local files on other computers under Git's control, you just need to add the central computer as a remote repository on each of them to integrate their files as well.
If you want to retrieve the data from the central computer, simply type pass git pull. You will then find the same encrypted files on the host in question as on the central computer. In other words, if you want to work with files from different computers, this system makes synchronization easy. However, it remains your responsibility to keep the GnuPG keys consistent across all hosts.
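One way to check key consistency on a host after a pull, as an added example that is not part of the original article: the script compares the recipients in the store's .gpg-id file with the secret keys in the local keyring. The function names, the sample key, and the sample addresses are constructed for illustration; matching of e-mail entries by substring is a simplifying assumption.

```sh
#!/bin/sh
# Report recipients listed in a Pass store's .gpg-id that have no secret key here.

# missing_recipients GPG_ID_FILE LISTING
# LISTING = saved output of `gpg --list-secret-keys --with-colons`.
# Prints each unmatched recipient; exit status 1 if any is missing.
missing_recipients() {
    awk -F: '
        FILENAME == ARGV[1] {              # first file: the key listing
            if ($1 == "fpr") fprs[toupper($10)] = 1
            if ($1 == "uid") uids[tolower($10)] = 1
            next
        }
        /^[ \t]*$/ { next }                # second file: .gpg-id, skip blanks
        {
            ok = 0; id = toupper($0); sub(/^0X/, "", id)
            if (id ~ /^[0-9A-F]+$/ && length(id) >= 8) {
                for (f in fprs)            # key ID = tail of a fingerprint
                    if (substr(f, length(f) - length(id) + 1) == id) ok = 1
            } else {
                for (u in uids)            # assumption: e-mail/name substring
                    if (index(u, tolower($0))) ok = 1
            }
            if (!ok) { print; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

demo() {    # constructed sample data: one fake key, one recipient without a key
    d=$(mktemp -d) || return 2
    cat > "$d/listing" <<'EOF'
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::::Alice Example <alice@example.org>:
EOF
    printf '%s\n' 89ABCDEF01234567 bob@example.org > "$d/gpg-id"
    missing_recipients "$d/gpg-id" "$d/listing" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}

check_store() {    # the same check against the real store and keyring
    l=$(mktemp) || return 2
    gpg --list-secret-keys --with-colons > "$l" 2>/dev/null
    missing_recipients "${PASSWORD_STORE_DIR:-$HOME/.password-store}/.gpg-id" "$l" \
        && rc=0 || rc=$?
    rm -f "$l"; return "$rc"
}

case "${1:-}" in --demo) demo ;; --check) check_store ;; esac
```

Run the script with --check on each host that pulls from the central repository; any line it prints is a recipient whose entries that host cannot decrypt.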
Conclusions
The Pass password manager lets you store as many different passwords as you like for different accounts, and you'll still only need one password to decrypt them all. Although the technology behind Pass is relatively simple – after all, it's just a shell script – the combination of mature components adds to the overall effect.
Git lets you synchronize different hosts via a shared repository: It should go without saying that a public repository is not suitable for storing passwords.
TIP
Make sure you don't forget the git parameter; otherwise, Pass will attempt to reinitialize the password store.