Git integration #14
Comments
Short: It does not. Long: Git works when the password store tree is visible. The whole purpose of pass-tomb is to hide this tree. Therefore git can be used as a local versioning system but not as a way to sync the password store with a remote server. If you use the git pull/push feature on an opened tomb, you will push an untombed password store. As of today, there is no solution to use both tomb and git on a remote server. I might implement a solution in the future. However, it would require an important amount of work.
To sync my tomb, I placed my tomb file and tomb key in my pass dir and commit only when the tomb is closed. Merging changes from multiple hosts isn't trivial with this setup, but syncing on multiple hosts works quite nicely. Do you see problems with this approach? Unfortunately, tomb modifies .last, .host, .tty and .uid every time you unlock the tomb, which is a pain when trying to version/sync this file via git. Are these files strictly necessary for operation?
Alternative approach if you use only a single PC at a time: always keep the tomb (without the key) on some cloud sync. Pros: git diff / merge / etc. work as without tomb.
A few thoughts about this.
Therefore, could this be a reasonable workflow to integrate git with pass tomb:
This is not very efficient from the point of view of github, and no meaningful merge etc. will take place at level 2, i.e. on the github repo, but this is not a problem: github is used only for syncing / archiving of strongly encrypted files, and meaningful merging will take place at level 1. However this is not too problematic: if a tomb is 10MB, and a repo is 100GB, we can expect to be able to push 10,000 times, which is a lot, before hitting the max repo size (by then github will probably have extended the max repo size a bit anyway). In this case should we consider implementing:
Does that make sense / do you agree on the logic behind it? This actually may be quite ok to implement, what do you think?
@jerabaul29, sorry, I see only cons in your approach.

```sh
pass git init
# Mount point for the remote tomb, owned by the current user only
sudo install -m 700 -o "$USER" -g "$USER" -d -- /media/tomb
# Expose the remote "tomb" directory locally over SSH (key-only auth, no exec on the mount)
sshfs -f --debug -o "umask=0077,noexec,no_readahead,allow_root,compression=yes,port=$port,IdentityFile=$id" "$host:tomb" /media/tomb
# Open the remote tomb with the local GPG-encrypted key; tomb mounts it at /media/pass.git
tomb open /media/tomb/pass.git.tomb -k ~/tomb/pass.git.tomb.key -g
# The bare repo inside the opened tomb is the remote; only ciphertext crosses the network
pass git remote add origin /media/pass.git
pass git fetch --prune --all
pass git branch master -u origin/master
pass git push -u --all
tomb close pass.git
umount /media/tomb
```

And that's how you create a remote tomb without passing the key over the network:

```sh
# REMOTE
mkdir -m700 ~/tomb
chattr +C ~/tomb          # disable copy-on-write for the container file
tomb dig -s 20 ~/tomb/dev.tomb
# LOCAL
sudo mkdir -m700 /media/tomb && sudo chown "$USER:$USER" /media/tomb
sshfs -d -o "umask=077,noexec,no_readahead,allow_root,port=22,IdentityFile=$id" user@host:tomb /media/tomb
# Create the key locally and lock the remote container with it; the key never leaves this host
tomb lock /media/tomb/dev.tomb -k ~/tomb/dev.tomb.key -gr "$gpgid"
```
No worries, always good with a healthy discussion :) I am not sure that we talk about the same problem / that we solve the same problem? What I want is to use github as a backup of my tomb, with no information about the tomb content (other than the closed tomb itself) on github. Is that what your solution does too? In this case, the solutions should be more or less equivalent, as there is no way to circumvent that you need to push a closed tomb of 10 MB each time you do a pull.
Nope, my setup is for a personal VPS, or any file-sync solution like dropbox/googledisc.
Don't want to beat a dead horse, but this is still open so I don't see a need to open another issue. A suggestion of mine: why not use a script that detects changes on .pass.tomb and, if so, also awaits the pass close key and, if both are received, does what `pass git push` does?
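The "commit only when the tomb is closed" workflow from earlier in the thread, and the script idea just above, both hinge on one guard: never let git see the store while the tomb is mounted. The following is an added example and not pass-tomb's own code; it assumes the closed tomb file (and optionally its GPG-encrypted key) lives inside the pass directory, which is a git repo, and that tomb uses its default mount point /media/<tomb name>.

```shell
#!/usr/bin/env bash
# Added example, not part of pass-tomb: version the *closed* tomb file with git.
# Assumptions: the tomb file sits inside the pass directory (a git repo) and
# tomb mounts it at its default location /media/<tomb name>.
set -eu

# Exit 0 when the tomb $1 is mounted. The mount table defaults to /proc/mounts;
# a second argument lets a test supply a constructed table.
tomb_is_open() {
    local name mounts
    name=$(basename -- "$1" .tomb)
    mounts=${2:-/proc/mounts}
    # Field 2 of each mount-table line is the mount point; match it exactly.
    awk -v mp="/media/$name" '$2 == mp { found = 1 } END { exit !found }' "$mounts"
}

# Commit and push the closed tomb from pass dir $1 (tomb path $2 relative to it).
# Returns 2 without touching git while the tomb is open, so the plaintext tree
# of an opened store can never be what ends up on the remote.
sync_closed_tomb() {
    local store=$1 tomb=$2 mounts=${3:-/proc/mounts} f
    if tomb_is_open "$tomb" "$mounts"; then
        echo "refusing to sync: tomb $(basename -- "$tomb") is open; run 'pass close' first" >&2
        return 2
    fi
    # Only the closed container and, if versioned alongside it, its key are staged.
    for f in "$tomb" "$tomb.key"; do
        [ -e "$store/$f" ] && git -C "$store" add -- "$f"
    done
    if git -C "$store" diff --cached --quiet; then
        echo "nothing to sync"
        return 0
    fi
    git -C "$store" commit -q -m "tomb snapshot $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    git -C "$store" push
}
```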
If this can help anyone, my approach to it was to make my own https://git.sr.ht/~mlaparie/passfzf Unfortunately |
How does pass-tomb interact with git? One of the things I like so much about pass is that it can handle merging encrypted files. It looks like `pass git push` would only work once the tomb is opened? And in that case, the remote server gets an untombed password store? Thanks in advance.