Friday, October 23, 2015

Password management in CLI. Using the standard unix password manager: pass with AWS CodeCommit and multi-environment setup

Install and configure pass utility: http://www.passwordstore.org/
yum install pass

Multi-environment setup: work and personal passwords are kept in two different locations, each with its own gpg keys and version control.
less ~/.bashrc 
# Switch to personal pass credentials
personal() {
    # -L also matches a dangling link (target not mounted), which -e misses
    if [ -L ~/.gnupg ]; then rm ~/.gnupg; fi
    export PASSWORD_STORE_DIR=/run/media/my_user/DATA/Personal/credentials/.pass
    # -T fails instead of nesting the link if ~/.gnupg is a real directory
    ln -sT /run/media/my_user/DATA/Personal/credentials/.gnupg ~/.gnupg
}

# Switch to work pass credentials
work() {
    if [ -L ~/.gnupg ]; then rm ~/.gnupg; fi
    export PASSWORD_STORE_DIR=/home/my_user/Big_corp/credentials/.pass
    ln -sT /home/my_user/Big_corp/credentials/.gnupg ~/.gnupg
}


Enable the config above:
$ . ~/.bashrc
Switch to the personal environment:
$ personal
Generate gpg keys:
gpg --gen-key
Check:
gpg --list-keys
Note the Key-ID and initialize pass:
pass init 75d6793
To keep version history, enable the git feature:
pass git init
Start using:
pass insert Test/test
pass ls
pass show Test/test
pass rm Test/test
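
Added example (not from the original post): personal() and work() repoint ~/.gnupg for every terminal, while PASSWORD_STORE_DIR changes only in the shell that ran them, so two open terminals can end up pairing one environment's store with the other's keyring. The hypothetical helper pass_env_check below flags that, assuming the layout above where .pass and .gnupg sit side by side in one credentials directory.

```shell
# Added example: pass_env_check is a hypothetical helper, not part of pass.
# Assumption: each environment keeps ".pass" and ".gnupg" in the same
# "credentials" directory, as in the personal()/work() functions above.
# Return codes: 0 match, 1 mismatch, 2 not switched, 3 target missing.
pass_env_check() {
    gnupg_link="${1:-$HOME/.gnupg}"      # symlink shared by all terminals
    store="${2:-$PASSWORD_STORE_DIR}"    # setting of the current shell only

    if [ -z "$store" ]; then
        echo "PASSWORD_STORE_DIR is not set; run personal or work first" >&2
        return 2
    fi
    if [ ! -L "$gnupg_link" ]; then
        echo "$gnupg_link is not a symlink; environment was not switched" >&2
        return 2
    fi
    # -d follows the link, so a dangling link (media not mounted) fails here
    if [ ! -d "$gnupg_link" ]; then
        echo "$gnupg_link points to a missing directory" >&2
        return 3
    fi
    if [ ! -d "$store" ]; then
        echo "password store $store does not exist" >&2
        return 3
    fi
    # Resolve symlinks so both paths are compared in canonical form
    keyring_dir=$(readlink -f "$gnupg_link")
    store_dir=$(readlink -f "$store")
    if [ "$(dirname "$keyring_dir")" != "$(dirname "$store_dir")" ]; then
        echo "MISMATCH: store=$store_dir keyring=$keyring_dir" >&2
        return 1
    fi
    echo "OK: $(dirname "$store_dir")"
}
```

Run pass_env_check with no arguments before pass insert or pass git push; a non-zero status means the current shell should call personal or work again.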
Version Control
Configure a remote if you need one (central git repo, GitHub or AWS CodeCommit).
AWS CodeCommit example:
Configure CodeCommit: create a repo, allow your user access to it, and add your public ssh key to the user in IAM.
Then on your machine:
  1. go to $PASSWORD_STORE_DIR
  2. git remote add origin ssh://APrrfrA@git-codecommit.us-east-1.amazonaws.com/v1/repos/credentials
  3. git remote -v
  4. git push origin master
And now you can push your changes:
pass git push



PS. pass uses gpg2 instead of gpg if it is available. gpg2 was recently updated to version 2.1, which might cause some issues with the availability of your gpg keys. So, if you see your keys using gpg --list-keys but can't see them using gpg2 --list-keys, most probably the automatic migration to version 2.1 failed and you need to do it manually.
Force migration from GnuPG 1 to 2.1
Remove files:
rm pubring.kbx 
rm -rf private-keys-v1.d
Force migration:
gpg2 --import ~/.gnupg/secring.gpg
