
Storing pass secrets in password store and git

Open timlag1305 opened this issue 3 years ago • 2 comments

I see that there is some secret information stored as json files. I have several questions:

  1. Should this be stored in the password store directory? Some of the extensions/apps that interface with password store think they are passwords, which I think is incorrect. If they aren't passwords then maybe they should be stored elsewhere.
  2. If they should be stored in the password store, should they be tracked in git? Currently I am not tracking them.

timlag1305, Mar 23 '22 03:03

I have a .gitignore that ignores the secretservice directory. They could technically be git synced across devices, but secrets are mainly per device and that would probably cause plenty of merge conflicts.

You're right; they are not stored encrypted because they're just basic metadata that needs to be accessed before the files can be unencrypted. Perhaps they should be moved to a hidden dotfile.

nullobsi, Mar 24 '22 03:03

I noticed that, compared to pass itself, browser plugins or Qt pass, pass-secrets doesn't store any metadata inside the keys. Sure, doing so would require decrypting more keys; however, storing metadata unencrypted leaks it and circumvents the system.

Thaodan, Sep 07 '22 13:09
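
An added example, not part of this thread or of pass-secrets: a bash function that lists every unencrypted file in a pass store and reports whether git tracks it, ignores it (as with the `.gitignore` entry for the secretservice directory mentioned above), or leaves it untracked. It assumes the store is a git repository and that `.gpg-id`, `.gitattributes` and `.gitignore` are the only housekeeping files; the function name is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit a pass store for plaintext files and their git status.
# Assumption: anything that is not *.gpg and not a housekeeping file is
# unencrypted data (such as the JSON metadata discussed in this issue).

plaintext_in_store() {
    local store="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
    local path rel
    store="${store%/}"   # normalise so the prefix strip below always matches

    # Every regular file outside .git that is not an encrypted pass entry.
    find "$store" -path "$store/.git" -prune -o -type f ! -name '*.gpg' -print |
    LC_ALL=C sort |
    while IFS= read -r path; do
        rel="${path#"$store"/}"
        case "${rel##*/}" in
            .gpg-id|.gitattributes|.gitignore) continue ;;  # pass/git housekeeping
        esac
        if git -C "$store" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
            printf 'TRACKED\t%s\n' "$rel"     # synced to every remote in the clear
        elif git -C "$store" check-ignore -q -- "$rel" 2>/dev/null; then
            printf 'IGNORED\t%s\n' "$rel"     # stays on this device
        else
            printf 'UNTRACKED\t%s\n' "$rel"   # a later `git add` could pick it up
        fi
    done
}
```

Run it as `plaintext_in_store` (or pass a store path); any `TRACKED` line is metadata that leaves the device unencrypted with each push.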