Password storage and access control through GPG.
Why not use Vault?
- This is simpler (~128 lines of Bash)
- Highly available with trivial deployment (git push to several repos)
- Fully decentralised (keeps working even without Internet access; root can't sniff your passwords)
First you should set up GPG. See https://zacharyvoase.com/2009/08/20/openpgp/.
In a multi-user environment you should export all keys to pubkeys/. Example:
gpg --output pubkeys/<YOUR_KEY_EMAIL>.asc --armor --export '<YOUR_KEY_EMAIL>'
Finally, do this:
echo '<YOUR_KEY_EMAIL>' > whoami
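A check one might run over the pubkeys/ directory described above (an added example, not part of this project's scripts): it confirms that each pubkeys/<email>.asc really contains a user ID for the e-mail its file name claims, so a key filed under someone else's name is flagged. It assumes GnuPG 2.2 or later for gpg --show-keys; the function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit that pubkeys/<email>.asc carries a user ID for <email>.

# Read `gpg --with-colons` output on stdin; print the e-mail of every uid record.
uid_emails() {
    # Field 10 of a "uid" record is the user ID, e.g. "Alice <alice@example.org>".
    awk -F: '$1 == "uid" && match($10, /<[^>]+>/) {
        print tolower(substr($10, RSTART + 1, RLENGTH - 2))
    }'
}

# key_matches_name FILE: succeed if the listing on stdin has a uid whose
# e-mail equals the one the file name claims (pubkeys/<email>.asc).
key_matches_name() {
    local claimed
    claimed=$(basename "$1" .asc | tr '[:upper:]' '[:lower:]')
    uid_emails | grep -Fxq -- "$claimed"
}

# audit_pubkeys DIR: run the check over every exported key using the real gpg.
# --show-keys only displays the key; nothing is imported into the keyring.
audit_pubkeys() {
    local f status=0
    for f in "$1"/*.asc; do
        [ -e "$f" ] || continue
        if gpg --show-keys --with-colons "$f" 2>/dev/null | key_matches_name "$f"; then
            echo "ok       $f"
        else
            echo "MISMATCH $f"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample listing (placeholder ids, not real key material).
SAMPLE_LISTING='pub:-:255:22:1111111111111111:1700000000:::-:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:-::::1700000000::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB::Alice Example <alice@example.org>::::::::::0:
sub:-:255:18:2222222222222222:1700000000::::::e::::::23:'
```

Run it as audit_pubkeys pubkeys from the repository root. User IDs are self-asserted, so this catches misfiled keys only; fingerprints still need to be verified out of band.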
./add-secret.sh
See "vim integration". Otherwise:
./decrypt.sh encrypted/example.gpg
$EDITOR decrypted/example.txt
If you use the vim integration, don't forget to use :GPGEditRecipients. Otherwise:
$EDITOR decrypted/example.txt
./encrypt.sh decrypted/example.txt
Install https://github.com/jamessan/vim-gnupg. This allows you to directly open and update .pgp files.