Re: What to do when someone leaves a team?

2018-11-08 Thread HacKan
Oh, yes, that's for sure. You need to change everything, every password. I was 
just answering the question of how to remove a key id.

Also, if using a shared remote repo, the write access must be revoked 
beforehand, else the leaving user can reissue pass init... and add their key.

Cheers !

On November 8, 2018 2:04:01 PM GMT-03:00, Kjetil Torgrim Homme 
 wrote:
>On 11/8/18 4:28 PM, HacKan wrote:
>> Simply issue pass init again with the new keylist, that's it :)
>
>not really, since the person who left the team can check out an old copy
>of the repository and use the key which was valid at that time to
>decrypt all passwords.
>
>I am afraid all passwords must be changed to be sure.  of course this
>will always be true - that person could even have printed the passwords
>and put them in a bank vault, where you can not get hold of them to
>destroy the copy.
>
>-- 
>Kjetil T. Homme
>Redpill Linpro AS - Changing the game

-- 
HacKan || Iván
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/password-store
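
An offboarding check for the points raised in this thread, added here as an example that is not part of any message or of pass itself: it flags any `.gpg-id` file that still (or again) lists a key outside the remaining team, and lists every entry, since all of them need rotation. It assumes pass's on-disk layout of `.gpg-id` files and `*.gpg` entries; the function names, the sample store and the key ids are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: offboarding audit of a pass store's files (no gpg/git calls).
# Assumes pass's layout: .gpg-id files (one key id per line) in the store root
# and optionally in sub-folders, plus one *.gpg file per entry.

# Print "<file>: <id>" for every .gpg-id line that is not an allowed key id,
# e.g. a departed member's key left in a sub-folder or pushed back in later.
gpg_id_violations() {
    local store=$1 allowed file id
    shift
    allowed=$(printf '%s\n' "$@")
    find "$store" -name .git -prune -o -type f -name .gpg-id -print | sort |
    while IFS= read -r file; do
        while IFS= read -r id || [ -n "$id" ]; do
            [ -n "$id" ] || continue
            printf '%s\n' "$allowed" | grep -Fxq -- "$id" ||
                printf '%s: %s\n' "$file" "$id"
        done < "$file"
    done
}

# Every entry must be rotated: an old checkout still decrypts with the old key.
entries_to_rotate() {
    local store=${1%/} f
    find "$store" -name .git -prune -o -type f -name '*.gpg' -print | sort |
    while IFS= read -r f; do f=${f#"$store"/}; printf '%s\n' "${f%.gpg}"; done
}

# Fail if any recipient list deviates; otherwise report the rotation workload.
audit_offboarding() {
    local bad
    bad=$(gpg_id_violations "$@")
    if [ -n "$bad" ]; then
        printf 'unexpected recipients:\n%s\n' "$bad" >&2
        return 1
    fi
    printf 'recipients OK, still rotate:\n%s\n' "$(entries_to_rotate "$1")"
}

# Constructed sample store with placeholder key ids (not from the thread).
make_demo_store() {
    local s
    s=$(mktemp -d)
    mkdir -p "$s/infra"
    printf 'alice@example.org\nbob@example.org\n' > "$s/.gpg-id"
    printf 'alice@example.org\ndeparted@example.org\n' > "$s/infra/.gpg-id"
    : > "$s/mail.gpg"; : > "$s/infra/db.gpg"
    printf '%s\n' "$s"
}
```

Source the file and call `audit_offboarding <store dir> <remaining key ids...>` after re-running `pass init`; a non-zero exit means some folder's recipient list does not match the team.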


Re: What to do when someone leaves a team?

2018-11-08 Thread Kjetil Torgrim Homme
On 11/8/18 4:28 PM, HacKan wrote:
> Simply issue pass init again with the new keylist, that's it :)

not really, since the person who left the team can check out an old copy
of the repository and use the key which was valid at that time to
decrypt all passwords.

I am afraid all passwords must be changed to be sure.  of course this
will always be true - that person could even have printed the passwords
and put them in a bank vault, where you can not get hold of them to
destroy the copy.

-- 
Kjetil T. Homme
Redpill Linpro AS - Changing the game





Re: What to do when someone leaves a team?

2018-11-08 Thread HacKan
Hi Gaspar!

Simply issue pass init again with the new keylist, that's it :)

Cheers!

On November 8, 2018 9:28:20 AM GMT-03:00, "José Gaspar"  
wrote:
>Hi,
>
>I have a quick question when using pass with multiple GPG keys.
>
>I like the idea using pass in my team and I wonder how pass deals when
>someone leaves the team?
>Let's say I supplied User X key in pass init and would like to remove his
>key when he leaves the team so he can no longer access any password.
>
>Thank you.
>
>Best regards,
>Jose Gaspar

-- 
HacKan || Iván


Re: What to do when someone leaves a team?

2018-11-08 Thread Ben Oliver

On 18-11-08 12:41:36, Kevin Lyda wrote:

> You should assume they have all the passwords in pass. So you'd want to
> remove their gpg key - I think you just do that with git init and then a
> list of the gpg id's you want to keep. Then you need to change all your
> passwords.
>
> Kevin


Agreed, it's the only way to be sure. Even if you 100% know they don't 
have a copy (you don't!), it's still good practice to remove keys not in 
use.


Minor correction, it's pass init. So:

   pass init key1 key2 key3 etc




Re: What to do when someone leaves a team?

2018-11-08 Thread Kevin Lyda
You should assume they have all the passwords in pass. So you'd want to
remove their gpg key - I think you just do that with git init and then a
list of the gpg id's you want to keep. Then you need to change all your
passwords.

Kevin

On Thu, Nov 8, 2018 at 12:29 PM José Gaspar  wrote:

> Hi,
>
> I have a quick question when using pass with multiple GPG keys.
>
> I like the idea using pass in my team and I wonder how pass deals when
> someone leaves the team?
> Let's say I supplied User X key in pass init and would like to remove his
> key when he leaves the team so he can no longer access any password.
>
> Thank you.
>
> Best regards,
> Jose Gaspar