@organman91
Last active September 24, 2020 09:06
pass easy setup
#Install pass and its dependencies: http://www.passwordstore.org/#download
#Generate a gpg key if you don't have one already.
gpg --gen-key
#Create a git (or mercurial) repository. Needless to say, you should NOT be checking this repo in to a system you don't control.
#Make two directories within it:
mkdir /path/to/repo/pubkeys /path/to/repo/store
#Set the PASSWORD_STORE_DIR environment variable to the store directory:
export PASSWORD_STORE_DIR="/path/to/repo/store"
#You can add it to your bash or zsh config:
echo "export PASSWORD_STORE_DIR=/path/to/repo/store" >> ~/.bashrc
echo "export PASSWORD_STORE_DIR=/path/to/repo/store" >> ~/.zshrc
#Install gpg-agent via your package manager of choice.
#Set it up by putting the following in your bashrc:
if [ -f "${HOME}/.gpg-agent-info" ]; then
. "${HOME}/.gpg-agent-info"
else
eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
fi
export GPG_AGENT_INFO
GPG_TTY=$(tty)
export GPG_TTY
#or zshrc:
if [[ -f "${HOME}/.gpg-agent-info" ]]; then
. "${HOME}/.gpg-agent-info"
else
eval $(gpg-agent --daemon --write-env-file "${HOME}/.gpg-agent-info")
fi
export GPG_AGENT_INFO
GPG_TTY=$(tty)
export GPG_TTY
#Create a file in pubkeys whose filename is the ID of your gpg public key ($KEY_ID)
#and whose contents are the armored export of that public key.
#(You can find $KEY_ID by running gpg --list-keys)
gpg --export --armor "$KEY_ID" > "/path/to/repo/pubkeys/$KEY_ID"
#Later, you will need to import the public keys of everyone that needs access to the password store.
#The easiest way is to have each member commit their own public key to the repo.
#You can then import them all at once:
#(run in a subshell so your working directory is left unchanged; filenames are key IDs, so they double as the --edit-key argument)
(cd /path/to/repo/pubkeys && for pubkey in *; do gpg --import "$pubkey"; gpg --edit-key "$pubkey" trust save; done)
#This will prompt you to import and trust each key. (You can skip your own key).
#Whenever you add a new user (including the person setting this up),
#you will need to re-initialize pass to encrypt with all the public keys:
pass init $(cd /path/to/repo/pubkeys; echo *)
#After doing so, commit your changes (your team members won't need to run this command).
#If you need to add a new team member later on, add their public key to the pubkeys/ directory
#and have every team member import it, then re-run the init command above.
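A drift check to run after the steps above, added here as an example and not part of the gist: it compares the key IDs under pubkeys/ with those in store/.gpg-id (the recipient list `pass init` writes) and flags a member whose key was never added to the store, or an ex-member whose key is still a recipient. The repo layout follows the gist; the function and helper names are this example's own.

```shell
#!/bin/sh
# Added check, not part of the gist: compare the recipients pass encrypts to
# (store/.gpg-id, written by `pass init`) with the keys committed under pubkeys/.
# Returns 0 when the sets match, 1 on drift: a member whose key is absent from
# .gpg-id cannot read new secrets, and a key left in .gpg-id after removal from
# pubkeys/ means that departed member can still decrypt everything since.
# Assumes the gist's layout: $repo/pubkeys/<KEY_ID> files and $repo/store.

# Read key IDs on stdin; drop comments and blanks, upper-case, sort, dedupe.
normalise_ids() {
  sed -e 's/#.*//' -e 's/[[:space:]]//g' | grep -v '^$' | tr 'a-f' 'A-F' | sort -u
}

# Usage: check_pass_recipients /path/to/repo
check_pass_recipients() {
  repo="$1"
  pubkeys="$repo/pubkeys"
  gpgid="$repo/store/.gpg-id"
  [ -d "$pubkeys" ] || { echo "no $pubkeys directory" >&2; return 1; }
  [ -f "$gpgid" ]   || { echo "no $gpgid; run 'pass init' first" >&2; return 1; }

  expected=$(ls -A "$pubkeys" | normalise_ids)   # one file per team member
  actual=$(normalise_ids < "$gpgid")              # what pass currently uses
  rc=0

  for id in $expected; do
    printf '%s\n' "$actual" | grep -qxF "$id" \
      || { echo "MISSING from .gpg-id: $id (member cannot decrypt new secrets)"; rc=1; }
  done
  for id in $actual; do
    printf '%s\n' "$expected" | grep -qxF "$id" \
      || { echo "STALE in .gpg-id: $id (removed from pubkeys/ but still a recipient)"; rc=1; }
  done

  if [ "$rc" -ne 0 ]; then
    # The fix is the gist's own re-init, run with the current pubkeys/ listing;
    # pass then re-encrypts every entry to exactly this set of keys.
    echo "fix: pass init $(printf '%s ' $expected)"
  fi
  return "$rc"
}

# When run directly with a repo path, perform the check.
if [ "$#" -gt 0 ]; then
  check_pass_recipients "$1"
fi
```

Run it from a git hook or CI on the repo so a forgotten `pass init` after a membership change is caught before the commit is pushed.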