58 lines
2.4 KiB
Plaintext
58 lines
2.4 KiB
Plaintext
:source-highlighter: pygments // technically needed for Asciidoc parsers for some code
|
|
:gitlab-personal-namespace: https://gitlab.com/ajhalili2006 // DO NOT UPDATE, dotfiles-secrets only exist in SaaS
|
|
= Andrei Jiroh's Passowrd Store
|
|
|
|
This is where I store some of my TOTP secrets and other cursed secrets I need to store in Git and in encrypted manner.
|
|
While I can safely store my encrypted secrets here in GPG, some cannot be here such as my SSH and GPG private keys, as they're
|
|
stored in {gitlab-personal-namespace}/dotfiles-secrets[an private repository only Andrei Jiroh can access].
|
|
|
|
== Usage docs
|
|
|
|
=== Setup
|
|
|
|
[source,bash]
|
|
----
|
|
# option 1: with passwordstore
|
|
doas apk add pass git gpg
|
|
pass git clone https://mau.dev/ajhalili2006/passstore-personal
|
|
|
|
# option 2: with gopass
|
|
# Debian and dervivative users should check https://github.com/gopasspw/gopass#debian-ubuntu-debian-raspbian-
|
|
# first. See also TBD
|
|
doas apk add gopass git gpg
|
|
gopass clone ssh://git@mau.dev/ajhalili2006/passwdstore-personal
|
|
# recommended: symlink ~/.password-store to our root gopass store
|
|
ln -s ~/.local/share/gopass/stores/root ~/.password-store
|
|
----
|
|
|
|
=== Adding new entry
|
|
|
|
TBD
|
|
|
|
== Note on whoever manage this repo as noted on my will
|
|
|
|
You must keep all of my GPG private keys private and hidden from the public eye and its key passwords well-guarded against
|
|
hackers and other people trying to get as much as senstive information hidden under encryption.
|
|
|
|
Technically, DO NOT LEAK ANYTHING UNENCRYPTED, ESPECIALLY FROM THIS REPO.
|
|
|
|
== FAQs
|
|
|
|
=== Do this replace your usage of your current password manager (Bitwarden)
|
|
|
|
Technically no. While I can still access them through the official CLI (himt: `npm i -g @bitwarden/cli`), I do not want
|
|
to lose access to the TOTP codes, especially it's always a painful process to do the recovery processes through identity
|
|
verification and sometimes, the brute-force hell.
|
|
|
|
=== What's about Doppler?
|
|
|
|
`pass`/`gopass` are being in use in combination with Doppler, an SecretOps cloud service, to store secrets. The
|
|
biggest difference here is the earlier uses GPG for encryption and Git for version control while the latter is
|
|
more complex and even store the keys to encrypt/decrypt stuff in a HSM.
|
|
|
|
== License
|
|
|
|
This documentation is licensed under CC BY-SA 4.0 Unported, while the rest are either under the default copyright
|
|
rules or the MIT license. Check the headers of each file to avoid possible copyright issues. Stuff that are encrypted
|
|
through GPG are not covered by MIT license.
|