2013-11-11

Learn git and migrate to password-store

A blog entry detailing how I learned something about administering git repositories and, at the same time, migrated my passwords from kwalletmanager (which I found difficult to back up and keep synchronized between machines), to password-store, a command-line application that optionally works with a git repository.

Git reading list

Install password-store

Installing password-store on openSUSE is not exactly user-friendly. The initiated can just go to the password-store project on the OpenSUSE Build Service and they will know what to do next. For the uninitiated, here are magic incantations for openSUSE 12.3 and openSUSE 13.1:
  • Since password-store isn't in the main openSUSE repo yet, I have to add the OBS repository corresponding to my openSUSE version:
    # ### for openSUSE 12.3
# zypper ar \
http://download.opensuse.org/repositories/security:/passwordmanagement/openSUSE_12.3/ \
'security:passwordmanagement'
# ### for openSUSE 13.1
# zypper ar \
http://download.opensuse.org/repositories/security:/passwordmanagement/openSUSE_13.1/ \
'security:passwordmanagement'
  • Refresh the repo:
    # zypper ref 'security:passwordmanagement'
  • Install the package:
    # zypper in password-store
  • Read the manpage:
    # man pass

Set up a bare git repository

My setup for working on a directory tree from multiple computers is based on a "bare" git repository (i.e. one which is not simultaneously a working copy). This bare repository can be anywhere. For example, it could be on a dedicated server. Or it could it be on a workstation. Or on a laptop. The salient point being: don't make multiple copies of it. This is the master, or origin in git terminology, from which I will clone off working copies to each computer where I work.
  • Initialize the bare repository:
    $ git init --bare git-repo/password-store
Initialized empty Git repository in /home/smithfarm/git-repo/password-store/
  • Clone the bare repository to ~/.password-store (which is where password-store looks for its data):
    $ cd
$ git clone git-repo/password-store .password-store
Cloning into '.password-store'...
warning: You appear to have cloned an empty repository.
done.

Initialize password store

Note: before I can go any further, I have to know my GPG key. (GPG keys are pretty easy to set up and administer, and help is just a Google away.)
  • Initialize my local password store:
    $ cd
$ pass init [MY_GPG_KEY_ID]
[master (root-commit) 1742584] Set GPG id to [MY_GPG_KEY_ID].
 1 file changed, 1 insertion(+)
 create mode 100644 .gpg-id
  • Verify that origin is the bare git repo I just set up:
    $ cd ~/.password-store
$ git remote -v
origin  /home/smithfarm/git-repo/password-store (fetch)
origin  /home/smithfarm/git-repo/password-store (push)

Add a password

  • Add a password
    $ cd
$ pass insert testpass
Enter password for testpass: [type "test"]
Retype password for testpass: [type "test" again]
gpg: [MY_GPG_KEY_ID]: skipped: public key already present
[master 2821d80] Added given password for testpass to store.
 1 file changed, 13 insertions(+)
 create mode 100644 testpass.gpg
  • List my password store:
    $ pass ls
Password Store
└── testpass
  • Push to the git repo:
    $ cd ~/.password-store
$ git push
Counting objects: 6, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (4/4), done.
Writing objects: 100% (6/6), 952 bytes, done.
Total 6 (delta 0), reused 0 (delta 0)
To /home/smithfarm/git-repo/password-store
 * [new branch]      master -> master

Clone the bare repo to another computer

Now I clone the bare repo containing my test password to a second computer (e.g. a laptop) where I also need the password store.
  • Make sure I'm really on the second computer:
    $ hostname --fqdn
second.computer
  • Install password-store on this computer (it has to be installed on every computer where I intend to use it)
  • Clone the bare repo:
    $ cd
$ git clone [MY_USERNAME]@[FIRST_COMPUTER]:git-repo/password-store .password-store
Cloning into '.password-store'...
Password: 
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
Checking connectivity... done
  • List passwords:
    pass ls
Password Store
└── testpass
  • While I'm on the second computer, add a second test password:
    $ cd
$ pass insert secondtestpass
Enter password for secondtestpass: [type "test"]
Retype password for secondtestpass: [type "test" again]
[master f91c264] Added given password for secondtestpass to store.
 1 file changed, 13 insertions(+)
 create mode 100644 secondtestpass.gpg
  • List passwords again:
    $ pass ls
Password Store
├── secondtestpass
└── testpass
  • Push the updates to the remote (bare) git repository:
    $ cd ~/.password-store
$ git push
Password: [type my password on the first computer; 'git' is loggin in via SSH]
Counting objects: 4, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 784 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To smithfarm@[FIRST_COMPUTER]:git-repo/password-store
   2821d80..f91c264  master -> master

Update the working copy on the first computer

To use 'secondtestpass' on the first computer, I have to update the working copy there:
  • Make sure I'm really on the first computer:
    $ hostname --fqdn
first.computer
  • Update the working copy:
    $ cd ~/.password-storegit pull
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
From /home/smithfarm/git-repo/password-store
   2821d80..f91c264  master     -> origin/master
Updating 2821d80..f91c264
Fast-forward
 secondtestpass.gpg | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 secondtestpass.gpg
  • Prove to myself that all is good:
    $ pass ls
Password Store
├── secondtestpass
└── testpass

Summary

To summarize. When I add a password to the password store (on any machine), I should push to the remote repo as soon thereafter as possible. To make sure my working copy is up to date, I should pull from the remote often.

Note that this procedure can be used for any directory tree, not just the password-store one.
Labels: , ,

2 comments:

  1. Unknown16:09

    Thank you for the introduction into this cool tool.
    I like it. ;)

    I`d like to change push command to this:

    cd .password-store/
    mcaj@my-machine:~/.password-store> git push
    Counting objects: 43, done.
    Delta compression using up to 8 threads.
    Compressing objects: 100% (42/42), done.
    Writing objects: 100% (42/42), 11.63 KiB | 0 bytes/s, done.
    Total 42 (delta 13), reused 0 (delta 0)
    To /home/mcaj/git-repo/password-store/
    d4fd587..f2e62d5 master -> master

    Then is more clear for git beginners thay have to be in the .password-store directory when thy want to push changes into local git-repo.

    ReplyDelete
    Replies
    1. smithfarm11:48

      Thanks, Martin -- good point. Fixed now.

      Delete

Subscribe to: Post Comments (Atom)