On passwords

On passwords


Since we use quite a few tools, we end up having many different accounts to manage. Having the same easy password for all accounts wouldn't be a very wise way to go in terms of security (or even privacy in some case). Therefore, we usually use different passwords for each tool. For now we use two ways to share the different passwords.

General passwords

Generally shared passwords, that everyone of the community should have easy access to, are accessible in this shared document. You will need the general password to access it. Ask someone from the community to have it, and please only exchange it through private one-to-one secured conversation (ideally "in real life", or else in a private encrypted element or signal chat conversation).

IT tools administration

To have access to IT administration passwords you can join the IT team. Getting to know how to administer different tools takes a bit more time in order not to mess them up, hence the idea of IT team. However most tools we use should be accessible without need of technical knowledge, so anyone is welcome to join the team.
To access administration passwords you'll need to install password-store. Then the best is to get in touch with the IT team to get access to the passwords repository.

Full setup for setting up pass

The following is the full process on how to setup pass (useful only if you want to be part of the it team).

If you don't feel comfortable with things in this tutorial, get in touch with us on the chat or live, and we can do the setting up process together.

Installing pass and git

First install pass and git with sudo apt install pass git.
(if you dont use a debian based system, check this page for how to do it on your system (and don't forget to install git)).

Create a PGP key

If you don't yet have a PGP key, you will need to create one. Open a terminal (ctrl+alt+t normally) and write gpg --gen-key then enter. Follow the instructions (probably some of it will not be very understandable, but using all default proposed settings should be fine).

When you're done creating the key, you can export it with the following command:

gpg --armor --export youremail.domain.org > ~/Desktop/my-public-key.asc

Replace youremail.domain.org in the previous command by the email you used to create the key.
This will create a file named my-public-key.asc on your desktop that you should send us (along with your framagit username) at the next step.

Synchronizing the passwords to your computer

Once pass and git are installed, you will need to create a framagit account. Once you've successfully logged in framagit, give your framagit username to the IT team so that we can grant you access to the pass repository. And send you the repository link.
Now open a terminal (ctrl+alt+t), and run the following command:

git clone https://repository.link.we/just/sent/to/you .password-store

Don't forget to replace https://repository.link.we/just/sent/to/you in the command by the link we sent you.

Use pass

You should now be able to access passwords.
To access them, open a terminal and run pass, this will list the passwords. Use pass somepassword to display a password and pass somepassword -c to copy it to clipboard. You can generate a twenty random characters long password with pass generate someOtherPassword 20, and edit password informations with pass edit someOtherPassword.
If you edit or generate passwords, don't forget to then run pass git push to synchronize your updates with others, and if someone else made some modifications, you will need to run pass git pull to get their modifications.

I'm already using pass, how can I do to have two different repositories?

If you're already using pass, you should create a separate repository for magari's passwords. So when synchronizing the passwords run this instead: git clone https://repository.link.we/just/sent/to/you .password-store-magari.

Then add the following lines in ~/.bashrc file (which is in your home directory, and is hidden by default, you can toggle visibility of hidden files with ctrl+h):

alias passmagari="PASSWORD_STORE_DIR=~/.password-store-magari PASSWORD_STORE_GIT=~/.password-store-magari pass"

Then to enable bash completion for passmagari alias add the following to ~/.bash_completion:

source /usr/share/bash-completion/completions/pass
    PASSWORD_STORE_DIR=~/.password-store-magari/ _pass
complete -o filenames -o nospace -F _passmagari pass-magari

Maybe make sure that the package bash-completion is installed in your system, but probably it is already.