Automation Ninja's Dojo

GPG secured passwords in git using pass

It might happen that your working environment requires you to store passwords securely. Nowadays many people are using ‘cloud’ solutions, but as you well know the cloud is nothing other than ‘someone else’s computer’ 😉. That said, it limits the options you have available. As this is a matter of preference I will try not to get into a discussion of ‘the best solution’ but will just show you what I have been using and what I really liked a lot.

The solution is called pass and is available at https://www.passwordstore.org/

So let’s go ahead and install this on our machine. The installation steps are nicely outlined on the product page, so here I will just focus on CentOS.

As you might have seen from the documentation, you will need your GPG key(s); for this demo I have created a dummy one.

Let’s go ahead and initialise pass with the GPG key I have created.

Once the above is completed we can start adding passwords to our safe – simply by issuing

 

Listing passwords then becomes really intuitive

To recover a password we just call its value from the tree

Now we will be asked for our GPG key passphrase in order to retrieve it.

Now we would like to make our password safe more reliable by using Git to store our secrets. I’m using Gogs (Go Git Service), which is a lightweight option.

By issuing the following commands we get pass to store our secrets in Git:

Initialize

Add remote repository (here you would need to adjust your remote repository to match; I’m using a local Docker instance)

Commit all changes

 

Once that’s done we can take a peek at our repo, which now has encrypted passwords for our specified items.
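A check that can be run before pushing the store, as an added example that is not part of the original post: it confirms that every file outside .git/ is either pass metadata or an OpenPGP message, so nothing readable lands in the remote. The function names and the script name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout (as `pass init`
# creates it): .gpg-id files plus one <entry>.gpg per secret; .git/ is skipped.
# Note: entry names are file names and stay readable in the repo; only the
# file contents are encrypted.

# True if the file starts like an OpenPGP message: a binary packet header
# (first octet has bit 7 set) or ASCII armor.
is_openpgp() {
    first=$(od -An -t u1 -N 1 "$1" | tr -d ' \n')
    [ -n "$first" ] && [ "$first" -ge 128 ] && return 0
    [ "$(head -c 27 "$1" | tr -d '\000')" = "-----BEGIN PGP MESSAGE-----" ]
}

# Prints each problem found; returns 0 only if nothing readable would be pushed.
# File names containing newlines are not handled.
audit_store() {
    store=${1%/}
    problems=0
    if [ ! -s "$store/.gpg-id" ]; then
        echo "missing or empty .gpg-id in $store"
        problems=$((problems + 1))
    fi
    list=$(mktemp)
    find "$store" -path "$store/.git" -prune -o -type f -print > "$list"
    while IFS= read -r f; do
        case "${f#"$store"/}" in
            .gpg-id|*/.gpg-id|.gitattributes)
                continue ;;
            *.gpg)
                is_openpgp "$f" && continue
                echo "not OpenPGP data: $f" ;;
            *)
                echo "unencrypted file in store: $f" ;;
        esac
        problems=$((problems + 1))
    done < "$list"
    rm -f "$list"
    [ "$problems" -eq 0 ]
}

# Usage: sh audit.sh ~/.password-store   (pass's default store location)
if [ "$#" -gt 0 ]; then
    audit_store "$1"
fi
```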

 


From now on, whenever I make changes I can just push them to Git and I have everything under control! The documentation has a lot to offer, so be sure to check it; more details are at https://git.zx2c4.com/password-store/about/

 

I personally think the product is good – especially in environments where you should not store passwords in ‘clouds’ due to security constraints which may apply.
