-
-
Notifications
You must be signed in to change notification settings - Fork 496
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is it possible to have gopass encrypt the file structure? #2634
Comments
Hey there, @Crown0815. Though there are many contributors and maintainers keen on implementing something like this, there's a lot of concerns that make it not as straightforward as one would hope.
There's discussions of varying length about this on #1974, #2275, #673, and most notably #1560, so if you have any input or opinions on the matter, it would be appreciated. Rest assured though, everyone wants this feature :) |
Could a middleware layer for interacting with file names be added? I haven't looked into the way that gopass extensions work, depending on whether they access the underlying files themselves directly or access via a gopass api this may allow for changes like this without breaking functionality.
If the on-disk file names are derivative from the human-readable file names instead of from the content within them, I believe git should be able to properly detect and play nicely with:
If someone uses Alternate idea, locking and unlocking functionality for the password store, essentially just an encrypted tar file, similar to the pass-tomb extension, but rewritten in go for cross platform compatibility. This would allow for securing the password store at rest on client devices, which is most likely the main point of compromise and would eliminate a large amount of the data leak issue. VCS would have to interact with the "unlocked" version of the files to function properly, so definitely not a perfect solution, but this is the most feasible that I can think of at the moment. |
Is it possible to use gopass with pass-code?
I think gopass is a great tool to use git as a password storage, but I am a little on the fence about having my whole password structure, e.g., which websites I have accounts for, accessible through git.
I understand that the idea is to keep the repository itself hidden, but a difference to other password manager files is that they hide everything by default. So even if their file gets leaked it should require significant effort to extract any information from it.
The solution in
pass
andgopass
also seems rather straight forward, encrypt the files and keep their structure in a separate file that is also encrypted. Such a solution was implemented in pass-code, apass
extension.I wonder if such functionality is of interest for gopass as well? I would definitely prefer to have my password structure encrypted together with the actual passwords.
The text was updated successfully, but these errors were encountered: