by mrhigat4 3261 days ago
I use pass and love it. It provides a lot of flexibility. To fix the "website metadata is leaked in filenames" issue, I use another project by Jason, ctmg[0]. I changed the pass directory to be one directory deeper, encrypted it and just do `ctmg open` when I boot to open my password list (similar to unlocking a KeePassX store), then use pass as normal. On shutdown, the opened folder is re-encrypted automatically. You could also set a `ctmg close` on a timer if you don't want the list to be available during your entire session after open.

Other things I do:

* store all the files as .toml files so I can rip specific keys with a custom script.

* Have a directory for web so `pass web` will give me all websites. Have a script to fill username pass for each.

* Have a directory for contacts. Then wrote a script to generate vCard files by crawling and pulling keys, base64 profile images and all.

* use syncthing to keep all devices up to date.

It's a pretty slick workflow IMHO.

[0] https://git.zx2c4.com/ctmg/about/
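An added example (not the commenter's own script) of the two scripts described above: ripping one key out of a TOML-formatted pass entry, and turning a TOML contact entry into a vCard with its base64 profile image. It assumes entries decrypt to flat TOML with keys like `username`, `name`, `email`, `phone` and `photo`; the sample entries are constructed, and in the real workflow the text would come from `pass show <entry>`.

```python
"""Rip keys from TOML pass entries and build vCards (RFC 2426, vCard 3.0)."""
import base64
import subprocess

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib  # type: ignore

# Constructed sample entries, standing in for the output of `pass show ...`.
SAMPLE_WEB = 'password = "correct-horse-battery-staple"\nusername = "alice"\nurl = "https://example.com/login"\n'
SAMPLE_CONTACT = ('name = "Bob Example"\nemail = "bob@example.com"\nphone = "+1-555-0100"\n'
                  'photo = "/9j/4AAQSkZJRg=="\n')  # base64 of a JPEG header, constructed

def pass_show(entry: str) -> str:
    """Decrypt one entry with pass (assumed layout: web/<site>, contacts/<name>)."""
    return subprocess.run(["pass", "show", entry], check=True,
                          capture_output=True, text=True).stdout

def load_entry(toml_text: str) -> dict:
    return tomllib.loads(toml_text)

def rip_key(toml_text: str, key: str):
    """Return a single field (e.g. 'username') so a fill script never sees the rest."""
    data = load_entry(toml_text)
    if key not in data:
        raise KeyError(f"entry has no key {key!r}")
    return data[key]

def fold(line: str, limit: int = 75) -> str:
    """vCard line folding: continuation lines start with a space, each <= limit octets."""
    parts = []
    while len(line) > limit:
        parts.append(line[:limit])
        line = " " + line[limit:]
    parts.append(line)
    return "\r\n".join(parts)

def to_vcard(contact: dict) -> str:
    lines = ["BEGIN:VCARD", "VERSION:3.0", f"FN:{contact['name']}"]
    if "email" in contact:
        lines.append(f"EMAIL:{contact['email']}")
    if "phone" in contact:
        lines.append(f"TEL:{contact['phone']}")
    if "photo" in contact:
        # Re-encode after a strict decode so a corrupted field fails here, not in the phone.
        raw = base64.b64decode(contact["photo"], validate=True)
        lines.append(f"PHOTO;ENCODING=b;TYPE=JPEG:{base64.b64encode(raw).decode()}")
    lines.append("END:VCARD")
    return "\r\n".join(fold(l) for l in lines) + "\r\n"
```

Running `to_vcard(load_entry(pass_show("contacts/bob")))` over every entry under `contacts/` gives one importable `.vcf` per contact.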

3 comments

Since pass supports extensions, you can make your setup less complex using pass-tomb. 'pass-tomb' keeps the whole tree of passwords encrypted inside a tomb, see https://github.com/roddhjav/pass-tomb
Nice to hear somebody out there is using ctmg. I never bothered making packages for distros other than Gentoo, but ctmg is quite useful so maybe I'll do that.
Cheers. Yeah for sure, I was too lazy to make a PR on nixpkgs, but this[0] is what I wrote if anyone stumbles on this using NixOS. The nix package manager can be installed on top of most OS's too.

[0]: https://pastebin.com/raw/FYMean1q

looks like a nice setup, but what about mobile?
Syncthing has a mobile app and there's an app for pass called PasswordStore[0] using OpenKeychain[1] (pgp manager). I'm not a fan of putting my private key on my mobile, but if I were, this would be a nice setup.

[0]: https://github.com/zeapo/Android-Password-Store

[1]: https://github.com/open-keychain/open-keychain

Edit: yeah for ctmg support, probably have to hold out for something like PostMarketOS to save us.

You don't need to put your private key on a mobile device. You can create a separate key for each device. Pass supports multiple keys.
If your phone has NFC you can use a YubiKey to store the gpg key and decrypt the password via NFC.
yes, I saw this for pass, but I was referring to his setup where he uses ctmg also