Since we use quite a few tools, we end up having many different accounts to manage. Having the same easy password for all accounts wouldn't be a very wise way to go in terms of security (or even privacy in some case). Therefore, we usually use different passwords for each tool. For now we use two ways to share the different passwords.
Generally shared passwords, that everyone of the community should have easy access to, are accessible in this shared document. You will need the general password to access it. Ask someone from the community to have it, and please only exchange it through private one-to-one secured conversation (ideally "in real life", or else in a private encrypted element or signal chat conversation).
To have access to IT administration passwords you can join the IT team. Getting to know how to administer different tools takes a bit more time in order not to mess them up, hence the idea of IT team. However most tools we use should be accessible without need of technical knowledge, so anyone is welcome to join the team.
To access administration passwords you'll need to install password-store. Then the best is to get in touch with the IT team to get access to the passwords repository.
The following is the full process on how to setup pass (useful only if you want to be part of the it team).
If you don't feel comfortable with things in this tutorial, get in touch with us on the chat or live, and we can do the setting up process together.
pass
and git
First install pass and git with sudo apt install pass git
.
(if you dont use a debian based system, check this page for how to do it on your system (and don't forget to install git)).
If you don't yet have a PGP key, you will need to create one. Open a terminal (ctrl+alt+t normally) and write gpg --gen-key
then enter. Follow the instructions (probably some of it will not be very understandable, but using all default proposed settings should be fine).
When you're done creating the key, you can export it with the following command:
gpg --armor --export youremail.domain.org > ~/Desktop/my-public-key.asc
Replace youremail.domain.org
in the previous command by the email you used to create the key.
This will create a file named my-public-key.asc
on your desktop that you should send us (along with your framagit username) at the next step.
Once pass and git are installed, you will need to create a framagit account. Once you've successfully logged in framagit, give your framagit username to the IT team so that we can grant you access to the pass repository. And send you the repository link.
Now open a terminal (ctrl+alt+t), and run the following command:
git clone https://repository.link.we/just/sent/to/you .password-store
Don't forget to replace https://repository.link.we/just/sent/to/you
in the command by the link we sent you.
You should now be able to access passwords.
To access them, open a terminal and run pass
, this will list the passwords. Use pass somepassword
to display a password and pass somepassword -c
to copy it to clipboard. You can generate a twenty random characters long password with pass generate someOtherPassword 20
, and edit password informations with pass edit someOtherPassword
.
If you edit or generate passwords, don't forget to then run pass git push
to synchronize your updates with others, and if someone else made some modifications, you will need to run pass git pull
to get their modifications.
If you're already using pass, you should create a separate repository for magari's passwords. So when synchronizing the passwords run this instead: git clone https://repository.link.we/just/sent/to/you .password-store-magari
.
Then add the following lines in ~/.bashrc
file (which is in your home directory, and is hidden by default, you can toggle visibility of hidden files with ctrl+h
):
alias passmagari="PASSWORD_STORE_DIR=~/.password-store-magari PASSWORD_STORE_GIT=~/.password-store-magari pass"
Then to enable bash completion for passmagari
alias add the following to ~/.bash_completion
:
source /usr/share/bash-completion/completions/pass
_passmagari(){
PASSWORD_STORE_DIR=~/.password-store-magari/ _pass
}
complete -o filenames -o nospace -F _passmagari pass-magari
Maybe make sure that the package bash-completion
is installed in your system, but probably it is already.