Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/evgeni/pwstore
fork of https://code.google.com/p/pwstore
https://github.com/evgeni/pwstore
Last synced: 1 day ago
JSON representation
fork of https://code.google.com/p/pwstore
- Host: GitHub
- URL: https://github.com/evgeni/pwstore
- Owner: evgeni
- Created: 2014-03-07T09:15:25.000Z (over 10 years ago)
- Default Branch: devel
- Last Pushed: 2020-07-02T07:11:47.000Z (over 4 years ago)
- Last Synced: 2024-04-19T11:08:00.332Z (6 months ago)
- Language: Ruby
- Size: 35.2 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.asciidoc
Awesome Lists containing this project
README
PWS(1)
======
:doctype: manpageNAME
----
pws - password store managementSYNOPSIS
--------
*pws* 'COMMAND' ['OPTIONS']DESCRIPTION
-----------The pws tool allows you to store passwords (or anything else, really) in
a set of encrypted files. Each file can be encrypted to a different set
of users. pws helps you with the bookkeeping of which keys to encrypt
each file to and provides a convinient wrapper to edit protected files.In the intended use the directory with the encrypted passwords would be
under SCM control and shared with other people who need access.initialization
--------------First you need a file where your users and group are defined in. This
file is named .users. Lines consist of assignments of the form
=
and
@ = |@ [, |@ ...]Lines starting with a # are comments and thus get ignored.
--------------------------------
% cat .users
# This file needs to be gpg signed by a key whose fingerprint
# is listed in ~/.pws.yamlformorer = 6E3966C1E1D15DB973D05B491E45F8CA9DE23B16
weasel = 25FC1614B8F87B52FF2F99B962AF4031C82E0039
@admins = formorer, weaselzobel = 6B1856428E41EC893D5DBDBB53B1AC6DB11B627B
maxx = 30DC1D281D7932F55E673ABB28EEB35A3E8DCCC0
@vienna = zobel, maxx@all = @admins, @vienna
# gpg --clear .users && mv .users.asc .users
--------------------------------The .users file is designed to live in a SCM repository, such as git,
alongside all the other encrypted files. In order to prevent
unauthorized tampering with the .users file - for tricking somebody to
re-encrypt data to the wrong key - the .users file needs to be
PGP-clearsigned with a key from a whitelist.This whitelist lives in ~/.pws.yaml under the trusted_users key and
then under the directory name. A sample file looks like:---------------------------------
aliases:
debian:
- &tfheen A28411A596193171331802C0B65A4871CA19D717
- &weasel 25FC1614B8F87B52FF2F99B962AF4031C82E0039trusted_users:
"~/.pws":
- *tfheen
"~/debian/dsa-passwords":
- *tfheen
- *weasel
---------------------------------adding a new file
----------------------------------------------
% pws ed -n file
-----------------------------editing files
-------------Every file needs a header like:
------------------------------
access: @admins, maxx
------------------------------You can edit the encrypted file with the pws tool: +pws ed file+.
updating the keyring
--------------------If available as .keyring pws instructs GnuPG to use this keyring in
addition to the user's default keyrings. This allows sharing of the
keyring in the repository. Use +pws update-keyring+ to
update/initialize this keyring.AUTHOR
------
Peter Palfrader , Tollef Fog Heen