Hi Raulo,

On 08/22/2018 03:10 PM, Raulo Olapodrido wrote:
> Hi list,
>
> I would like to use Ansible's pass plugin to extend Ansible with a
> flexible database for sensitive information (passwords, certificates etc).
>
> This works very well(!) for a single user. By using gpg's group feature,
> it is possible to encrypt entries for multiple users. Yay!
>
> Still, the pass directory is in the user's own home directory, and
> has to be pulled from/pushed to a common git repository, to be shared
> with everyone.

That's not completely correct: The pass directory can be in /any/ location (the environment variable $PASSWORD_STORE_DIR controls this). We use a password store within a group where the directory is in a shared location (an NFS-mounted directory). That works fine and no pull/push is required.

I always found the idea of sharing a password store by git impractical. I cannot imagine that you don't get out of sync within a very, very short time ;-)

Cheers
frank


> While this is natural to some, some users not used to Git will have
> problems, like forgetting to pull/push, and being unable to handle
> conflicts.
>
> Some of that can be made easier with automatic pull/push in ~/.bashrc
> and ~/.bash_logout respectively. However, a common local directory seems
> more approachable to me. The problem is that newly created files get very
> restrictive file permissions, and cannot be read by other users, even of
> the same group.
>
> I did not find remedies in the mailing list archive. Does anyone have an
> idea what could be tried?
>
> Thanks!
>
> Raulo

_______________________________________________
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
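
Added example, not part of the original messages and not code from the pass project: a sketch of the shared-directory setup described in the reply, combined with pass's PASSWORD_STORE_UMASK variable (default 077), which governs the restrictive permissions raised in the question. The store path passed in and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: shared pass store for one Unix group, plus permission audits.
# Function names are hypothetical; the store path is supplied by the caller.

# Create the store with mode 2770: rwx for owner and group, nothing for
# "other", and setgid so new entries inherit the directory's group rather
# than the creating user's primary group.
init_shared_store() {
    store=$1
    mkdir -p "$store" && chmod 2770 "$store"
}

# Print the environment each team member would export (e.g. in ~/.profile).
# pass applies PASSWORD_STORE_UMASK (default 077) before writing entries;
# 007 makes new entries group-readable while keeping "other" locked out.
shared_store_env() {
    printf 'export PASSWORD_STORE_DIR=%s\n' "$1"
    printf 'export PASSWORD_STORE_UMASK=007\n'
}

# List entries the group cannot read (typically written under umask 077).
audit_group_unreadable() {
    find "$1" -type f -name '*.gpg' ! -perm -040
}

# List any file or directory in the store that "other" can read, write or
# traverse. Entries are still GPG-encrypted, but names and metadata leak.
audit_world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \)
}
```

Entries created before the umask change keep their old mode, so the first audit is worth running once after switching over.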

