Gooooooo, gopass!

Problem

Password management in project teams usually either costs money (cloud solutions), works only moderately well and is often chaotic (a KeePass file stored somewhere), or is limited in access (e.g., a password server that is only available internally).

In addition, all password managers (including the one presented below) share one problem: even after access has been revoked, old passwords can still be read from an older local copy. The only solution to that problem is to rotate all passwords.

Solution

For everything else, there is gopass! It is a password manager that stores all passwords, encrypted with GPG, in git (the repository should not be public, because metadata is not encrypted).

Because gopass is compatible with pass, a variety of tools, clients (Windows/Mac/Linux/Android/iOS), and extensions for most browsers are available. With wrapper scripts and almost arbitrary formatting of the entries, you can do pretty much anything and tailor gopass to your own workflow. This makes it usable by every team member.

In addition, gopass organizes passwords in (multi-)stores, which allows access to be controlled very well. Authorized persons can then combine these stores locally, for example into the following structure:

Sample data
$ gopass ls
gopass
├jambit (/path/to/store/jambit)
│└jambit.com/
│ └mbraun
├project (/path/to/store/project)
│└aws.com/
│ └project.mbraun
└personal (/path/to/store/personal)
 └aws.com/
  └personal.mbraun

$ gopass recipients
gopass
├jambit (/path/to/store/jambit)
│└UID1 - M. Braun <mb@jambit.com>
├project (/path/to/store/project)
│├UID1 - M. Braun <mb@jambit.com>
│├UID2 - K. Korn <kk@jambit.com>
│└UID3 - C. Grube <cg@jambit.com>
└personal (/path/to/store/personal)
 ├UID1 - M. Braun <mb@jambit.com>
 └UID4 - M. Braun <mb@gmail.com>
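
As an added example (not from the original post or the gopass project), this Python helper reads the `gopass ls` and `gopass recipients` listings shown above and returns every entry a recipient could still decrypt from an old local copy, i.e. the list of secrets to rotate when that person loses access. It assumes the tree layout printed on this page; `leaves` and `to_rotate` are hypothetical helper names.

```python
import re

# Sample output taken from the listings on this page (fictional data).
LS = """gopass
├jambit (/path/to/store/jambit)
│└jambit.com/
│ └mbraun
├project (/path/to/store/project)
│└aws.com/
│ └project.mbraun
└personal (/path/to/store/personal)
 └aws.com/
  └personal.mbraun"""
RECIPIENTS = """gopass
├jambit (/path/to/store/jambit)
│└UID1 - M. Braun <mb@jambit.com>
├project (/path/to/store/project)
│├UID1 - M. Braun <mb@jambit.com>
│├UID2 - K. Korn <kk@jambit.com>
│└UID3 - C. Grube <cg@jambit.com>
└personal (/path/to/store/personal)
 ├UID1 - M. Braun <mb@jambit.com>
 └UID4 - M. Braun <mb@gmail.com>"""
BRANCH = re.compile("[├└]")  # marks where a node name starts; its column is the depth

def leaves(tree):
    """Map each store to its leaf paths (entries or recipients) in a gopass tree."""
    nodes = [(m.start(), line[m.end():].lstrip("─ ").strip())
             for line in tree.splitlines() if (m := BRANCH.search(line))]
    result, stack = {}, []
    for i, (col, name) in enumerate(nodes):
        while stack and stack[-1][0] >= col:
            stack.pop()                      # climb back up to this node's parent
        if not stack:                        # top level: "name (/path/to/store)"
            name = name.split(" (")[0]
            result[name] = []
        stack.append((col, name.rstrip("/")))
        is_leaf = i + 1 == len(nodes) or nodes[i + 1][0] <= col
        if is_leaf and len(stack) > 1:
            result[stack[0][1]].append("/".join(n for _, n in stack[1:]))
    return result

def to_rotate(ls_out, recipients_out, email):
    """All entries of every store that lists `email` as a recipient."""
    recips, entries = leaves(recipients_out), leaves(ls_out)
    return [f"{s}/{e}" for s, r in recips.items()
            if any(f"<{email}>" in x for x in r) for e in entries.get(s, [])]

print(to_rotate(LS, RECIPIENTS, "kk@jambit.com"))
```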

Use
# show entry
$ gopass show jambit/jambit.com/mbraun
Secret: jambit/jambit.com/mbraun
THISISTHESECRET!!!!
---
username: mbraun
azure-sub: 12345678-1234-5678-9987-65432112
totp: Base32encodedsecret

# copy password (first line of entry) to clipboard
$ gopass show -c jambit/jambit.com/mbraun
✔ Copied jambit/jambit.com/mbraun to clipboard.

# copy and display OTP token
$ gopass otp -c jambit/jambit.com/mbraun
561091 lasts 18s
✔ Copied token for jambit/jambit.com/mbraun to clipboard.

# copy key/value from entry
$ gopass show -c jambit/jambit.com/mbraun azure-sub
✔ Copied jambit/jambit.com/mbraun to clipboard.
Secret: jambit/jambit.com/mbraun
Key: azure-sub
12345678-1234-5678-9987-65432112

---

Author: Michael Braun / Project Manager / Platforms & Operations
