So I have experimented a little more with multiple user and multiple store support. The problem I am seeing is that this requires significant configuration on the client side to work properly. Furthermore, it requires configuration that cannot be shipped with the git repository...
From what I understand, for my team password manager to work, *every*
member of the team must do the following:

1. configure the team in their gpg.conf:

    echo 'group team=8DC901CE64146C048AD50FBB792152527B75921E 1F1214952C960401DF7B1C679A8F41050B64804A' >> ~/.gnupg/gpg.conf

2. set up an alias for the repository:

    echo 'alias tpass="PASSWORD_STORE_DIR=$HOME/.password-store/team pass"' >> ~/.bashrc

   note that those instructions can vary according to the shell of the
   user.

3. optionally, fix bash completion:

    echo 'complete -o filenames -o nospace -F _pass tpass' >> ~/.bashrc

I see several problems with this approach.

1. if the gpg.conf gets changed on *one* of the members of the team, it
   doesn't necessarily update it on all the members' configuration, and
   things can get desynchronised quickly.
2. the need for special configuration on client-side is error-prone and
   will limit adoption

I recommend that:

1. the team can be defined in the .gpgid file - say it's one entry per
   line or something
2. the PASSWORD_STORE_DIR can be passed as an argument instead of an
   environment variable

This will remove the need for client-side configuration and will make
sure the configuration is always in sync, as it is stored in the
repository.

I could work on such a patch if people are open to the idea.

Thoughts?

A.
--
Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208
--------------------------------------------------------------------
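
The proposal above, as an added example that is not part of the original message or of pass itself: the recipient list is read from the store's .gpg-id (assumed format: one full 40-hex fingerprint per line) and the store directory is passed as an argument. The function names and the GPG override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not pass's code. Assumed format: one full 40-hex OpenPGP
# fingerprint per line in STORE/.gpg-id; blank lines are ignored.

# gpgid_recipients STORE_DIR -> prints "-r FPR -r FPR ..." on one line.
gpgid_recipients() {
    gr_file="$1/.gpg-id"
    [ -r "$gr_file" ] || { echo "no readable .gpg-id in $1" >&2; return 1; }
    gr_out=""
    while IFS= read -r gr_line || [ -n "$gr_line" ]; do
        # gpg prints fingerprints in spaced groups; normalise before checking.
        gr_fpr=$(printf '%s' "$gr_line" | tr -d '[:space:]')
        [ -n "$gr_fpr" ] || continue
        # Only full fingerprints: short key IDs and e-mail addresses can match
        # more than one key in a member's keyring.
        case $gr_fpr in
            *[!0-9A-Fa-f]*) echo "not a fingerprint: $gr_fpr" >&2; return 2 ;;
        esac
        [ "${#gr_fpr}" -eq 40 ] || { echo "not a fingerprint: $gr_fpr" >&2; return 2; }
        gr_out="$gr_out -r $gr_fpr"
    done < "$gr_file"
    [ -n "$gr_out" ] || { echo "no recipients in $gr_file" >&2; return 3; }
    printf '%s\n' "${gr_out# }"
}

# team_encrypt STORE_DIR ENTRY  (plaintext on stdin)
# The store is an argument, so no alias or PASSWORD_STORE_DIR is needed.
# GPG is a hypothetical override of the gpg binary, used for the dry run below.
team_encrypt() {
    te_rcpts=$(gpgid_recipients "$1") || return $?
    mkdir -p "$(dirname "$1/$2")" || return 1
    # Unquoted on purpose: te_rcpts contains only validated "-r <hex>" words.
    ${GPG:-gpg} --encrypt $te_rcpts --output "$1/$2.gpg"
}

# Constructed demo store holding the two fingerprints quoted in the message.
demo_store=$(mktemp -d)
printf '%s\n' 8DC901CE64146C048AD50FBB792152527B75921E '' \
    1F1214952C960401DF7B1C679A8F41050B64804A > "$demo_store/.gpg-id"
( GPG=echo; team_encrypt "$demo_store" web/admin )   # dry run: prints gpg's arguments
rm -rf "$demo_store"
```

With the recipient list versioned in the store, a commit that touches .gpg-id changes who can decrypt entries written afterwards, so it is worth reviewing like any other access-control change.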
