Re: [pass] Add 'Change Dir' Functionality
On 18/09/2016 22:15, Lucas Hoffmann wrote:
> Quoting Brian Candler (2016-09-18 17:54:21)
> > Another option I would like to see is to be able to use multiple git
> > repos within the tree.
>
> Did you read my response before yours? Do you know about git
> submodules? Maybe they can help you.

I didn't have a chance to try it out until now, but now I have.

TL;DR: it doesn't work.

Long version: let's try it in full. Make three repos, clone them, add them to an outer unified repo, and then run password-store in that.

$ mkdir /tmp/foo /tmp/bar /tmp/baz
$ for i in /tmp/foo /tmp/bar /tmp/baz; do (cd $i && git init .); done
Initialized empty Git repository in /private/tmp/foo/.git/
Initialized empty Git repository in /private/tmp/bar/.git/
Initialized empty Git repository in /private/tmp/baz/.git/
$ for i in /tmp/foo /tmp/bar /tmp/baz; do (PASSWORD_STORE_DIR=$i pass init b.cand...@pobox.com); done
Password store initialized for b.cand...@pobox.com
...
$ PASSWORD_STORE_DIR=/tmp/foo pass edit one
...
$ PASSWORD_STORE_DIR=/tmp/bar pass edit two
...
$ PASSWORD_STORE_DIR=/tmp/baz pass edit three
...
$ PASSWORD_STORE_DIR=/tmp/foo pass one
You need a passphrase to unlock the secret key for
user: "Brian Candler "
...
ONE

OK so far. Now to create a new repo with three submodules:

$ mkdir /tmp/unified
$ cd /tmp/unified
$ git init .
Initialized empty Git repository in /private/tmp/unified/.git/
$ git submodule add /tmp/foo
Cloning into 'foo'...
done.
$ git submodule add /tmp/bar
Cloning into 'bar'...
done.
$ git submodule add /tmp/baz
Cloning into 'baz'...
done.
$ git commit -m 'Added submodules'
[master (root-commit) c89167a] Added submodules
 4 files changed, 12 insertions(+)
 create mode 100644 .gitmodules
 create mode 16 bar
 create mode 16 baz
 create mode 16 foo
$ PASSWORD_STORE_DIR=/tmp/unified pass list
Password Store
├── bar
│   └── two
├── baz
│   └── three
└── foo
    └── one
$ PASSWORD_STORE_DIR=/tmp/unified pass foo/one
You need a passphrase to unlock the secret key for
user: "Brian Candler "
...
ONE

Again no problem: reading a password works fine. But what about when you want to edit one?

$ PASSWORD_STORE_DIR=/tmp/unified pass edit foo/one
You need a passphrase to unlock the secret key for
user: "Brian Candler "
2048-bit ELG-E key, ID B4439488, created 2008-06-30 (main key ID EBF0ECF0)

You need a passphrase to unlock the secret key for
user: "Brian Candler "
2048-bit ELG-E key, ID B4439488, created 2008-06-30 (main key ID EBF0ECF0)

*fatal: Pathspec '/tmp/unified/foo/one.gpg' is in submodule 'foo'*

So it's broken. My guess is it's trying to do a "git add" from the outer repo, when the modified file is in the inner repo. Checking the status by hand:

$ cd /tmp/unified
$ git status
On branch master
Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git checkout -- ..." to discard changes in working directory)
  (commit or discard the untracked or modified content in submodules)

        modified:   foo (modified content)

no changes added to commit (use "git add" and/or "git commit -a")
$ cd /tmp/unified/foo
$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git checkout -- ..." to discard changes in working directory)

        modified:   one.gpg

no changes added to commit (use "git add" and/or "git commit -a")

In summary: whatever password-store is doing, it doesn't work with submodules.

I am able to fix it up by doing commits separately in the inner repo and the outer one:

$ cd /tmp/unified/foo/
$ git commit -am 'Updated foo'
[master 60e939b] Updated foo
 1 file changed, 0 insertions(+), 0 deletions(-)
 rewrite one.gpg (100%)
$ cd /tmp/unified/
$ git status
On branch master
Changes not staged for commit:
  (use "git add ..." to update what will be committed)
  (use "git checkout -- ..." to discard changes in working directory)

        modified:   foo (new commits)

no changes added to commit (use "git add" and/or "git commit -a")
$ git commit -am 'Updated unified'
[master 564b675] Updated unified
 1 file changed, 1 insertion(+), 1 deletion(-)

Note: I have not yet tested "git push"; that would require the target to be a bare repo, so the test environment would have to be set up a bit differently.

But again, I would expect to have to do a "git push" within the inner repo, *and* a "git push" within the outer one. (Actually the outer repo is just holding pointers to the inner ones, so it doesn't matter that much. What matters is doing a git push on the inner ones)

According to https://git-scm.com/book/en/v2/Git-Tools-Submodules, I think this might be possible using the "--recurse-submodules=on-demand" flag - but password-store doesn't invoke that.

Regards,

Brian.
___
Password-Store mailing list
Password-Store@lists.zx2c4.com
http://lists.zx2c4.com/mailm
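
The two-step commit Brian performs by hand above (inner repo first, then the outer pointer), as an added example that is not part of the thread and not code from pass. `owning_repo` and `commit_entry` are hypothetical names; the sketch assumes the store root is itself a git repo and submodules are one level deep.

```shell
#!/bin/sh
# Added example; owning_repo and commit_entry are hypothetical helper names,
# not functions provided by pass.

# Print the nearest directory between the entry and the store root that
# holds a .git entry. In a submodule checkout .git is a file ("gitdir: ..."),
# in an ordinary repo it is a directory; -e accepts both.
owning_repo() {
    store=${1%/} entry=$2
    case "/$entry/" in */../*) return 1 ;; esac   # stay inside the store
    dir=$(dirname "$store/$entry")
    while :; do
        if [ -e "$dir/.git" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        case "$dir" in "$store" | / | .) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# Commit an edited entry (path relative to the store, e.g. foo/one.gpg) in
# the repo that owns it, then record the new submodule commit in the store.
# Assumes the store root is a git repo and submodules are one level deep.
commit_entry() {
    store=${1%/} entry=$2 msg=$3
    repo=$(owning_repo "$store" "$entry") || return 1
    path=$store/$entry
    git -C "$repo" add -- "${path#"$repo"/}" &&
        git -C "$repo" commit -q -m "$msg" || return 1
    [ "$repo" = "$store" ] && return 0
    # The outer repo only tracks which commit each submodule is at.
    git -C "$store" add -- "${repo#"$store"/}" &&
        git -C "$store" commit -q -m "$msg (update submodule pointer)"
}

# Usage: commit_entry /tmp/unified foo/one.gpg 'Updated foo'
```

Running `git add` with the path made relative to the owning repo avoids the "is in submodule" pathspec error, because the file is staged from inside the repo that tracks it.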
Re: [pass] Add 'Change Dir' Functionality
I'm using a shell script with the following contents:

```
#!/usr/bin/env bash

# This script needs to be sourced to affect the user's environment.

# Name of the sub-directory (repo) under ~/.password-store to switch to.
repo_name=$1

if [[ -z "$repo_name" ]]; then
    echo "Error: No repo name was specified." >&2
    return 1
fi

repo_path="$HOME/.password-store/$repo_name"

if [[ ! -d "$repo_path" ]]; then
    echo "Error: No Pass sub-directory with the name '$repo_name' exists." >&2
    return 1
fi

# Point both the password store and pass's Git operations at the sub-directory.
export PASSWORD_STORE_GIT="$repo_path"
export PASSWORD_STORE_DIR="$repo_path"

echo "Switched to repo '$repo_name'!"
```

I named the script *pass-switch-repo.bash* and keep it in *~/bin*.

Note that you have to source the script for the changes it makes to the environment variables to affect your current shell session, i.e. run `. ~/bin/pass-switch-repo.bash the-name-of-a-repo`.

You can still use Pass without having run (sourced) the script but the `pass git ...` commands won't work (unless you've also set up your Pass root directory as a Git repo).
Re: [pass] Add 'Change Dir' Functionality
On 18/09/2016 12:52, Jakob Holderbaum wrote:
> Both tools allow to specify the optional working dir with -C in front of
> the actual command. For example:
>
> `git -C ~/dev/dotfiles status`
>
> or
>
> `make -C ./build test`
>
> Wouldn't it be great if pass could provide the same interface:
>
> `pass -C ./secrets show production/database_password`

Another option I would like to see is to be able to use multiple git repos within the tree. This could then be combined with symlinks: e.g.

.password_store/secrets -> /home/me/secrets
.password_store/customer1 -> /home/me/customers/one/password_store

Then you could do:

pass show secrets/production/database_password

as if it were a single pass tree (but actually commits would take place within secrets/.git)

Regards,

Brian.
Re: [pass] Add 'Change Dir' Functionality
Quoting Jakob Holderbaum (2016-09-18 13:52:19)
> We are currently using it at several client projects for storing
> shared team secrets like production credentials.
>
> This also means, that a rather often use-case is to call pass on
> different password directories. Setting PASSWORD_STORE_DIR
> individually for every call sometimes feels a bit awkward and led here
> and there even to mistakes.
>
> So I want to implement and submit a patch that basically implements
> the same 'Change Dir' functionality as it has been done for 'make' and
> 'git'.

There were similar questions on the list before (can't give you the link right now, you have to search the archives yourself) but one proposed solution was to define aliases in your shell:

alias pass-team1='PASSWORD_STORE_DIR=/somewhere/team1 pass'
alias pass-team2='PASSWORD_STORE_DIR=/somewhere/team2 pass'

Or you can use subfolders in PASSWORD_STORE_DIR with different gpg ids and use something like git subtree or submodule to manage that (just in case you did not know, see man page).

Lucas
[pass] Add 'Change Dir' Functionality
Hi pass Team,

first and foremost, thanks for this great tool!

We are currently using it at several client projects for storing shared team secrets like production credentials.

This also means, that a rather often use-case is to call pass on different password directories. Setting PASSWORD_STORE_DIR individually for every call sometimes feels a bit awkward and led here and there even to mistakes.

So I want to implement and submit a patch that basically implements the same 'Change Dir' functionality as it has been done for 'make' and 'git'.

Both tools allow to specify the optional working dir with -C in front of the actual command. For example:

`git -C ~/dev/dotfiles status`

or

`make -C ./build test`

Wouldn't it be great if pass could provide the same interface:

`pass -C ./secrets show production/database_password`

instead of

`PASSWORD_STORE_DIR=./secrets pass show production/database_password`

If you think this would be a valuable extension, I would happily provide a patch for that.

By the way, do you have any guidelines for submitting patches? I skimmed the pass website but could not find any.

Thanks in advance!

Cheers
Jakob

--
Jakob Holderbaum
http://jakob.io/ | ja...@holderbaum.io