On Sun, 27 Oct 2024 at 14:17, Scott Sullivan via talk <talk@gtalug.org> wrote:
On 2024-10-27 02:12, D. Hugh Redelmeier via talk wrote:
==> What do you guys do?
I've used a bunch of different tools , some listed by other folks in this thread.
I have since migrated to pass and it's ecosystem.
Pass is a commandline tool for managing passwords based on PGP encrypted files. It integrates git for automatic version control. I then layer qtpass as a gui when used with my linux desktops. This paired with the pass-otp extension to handle storage of totp secrets and generations of codes.
pass - https://www.passwordstore.org/
qtpass - https://qtpass.org/
pass-otp - https://github.com/tadfisher/pass-otp#readme
-- Scott Sullivan
I'll second the recommendation for `pass`. It's a PITA to set up, but once set up it's excellent. You'll need to have a reasonably good handle on using GPG keys, because you need your own key and local GPG setup to encrypt/decrypt your secrets. `pass` can even handle multiple users, although setting that up is even more of a pain as you have to encrypt to multiple GPG keys - but it does work (did it at work for a year and a half). All three packages Scott recommended are available in mainline Debian. I'll be investigating "pass-otp" just as soon as I have time - thanks for the recommendation. -- Giles https://www.gilesorr.com/ gilesorr@gmail.com