Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Password update with wildcard for certain username #3

Open
aventrax opened this issue Aug 9, 2017 · 9 comments
Open

Password update with wildcard for certain username #3

aventrax opened this issue Aug 9, 2017 · 9 comments
Labels
enhancement

Comments

@aventrax
Copy link

aventrax commented Aug 9, 2017

Hello,

i have my domain password used to access various web interfaces.
The domain account has always the same password and it changes every 90 days.
My pass uses the structure as /web/www.example.com/username, and I would like to perform a "bulk update" of a certain username. I'm using git so I can't just update the first and copy the .gpg file overwriting the others, I'm expecting this to be possible:

pass update /web/*/username

Can this be implemented?
@roddhjav
Copy link
Owner

Yes it can, it's a good feature, thank for the proposal. I'll work on the implementation shortly

@roddhjav
Copy link
Owner

pass update can now update a full directory at once. However, bulk update as you wish pose an issue because when writing pass update web/*/username, the shell interprets * itself and passes the result to pass update.

@aventrax
Copy link
Author

so should I quote the asterisk with a backslash or keep 'web/*/username' ?

@roddhjav
Copy link
Owner

Yes it could work however the auto-completion cannot work like this

roddhjav added a commit that referenced this issue Sep 16, 2017
@roddhjav
Add support for wildcard update. See #3
6f5361f
@roddhjav
Copy link
Owner

Fixed with pass-update 2.0

@aventrax
Copy link
Author

aventrax commented Nov 1, 2017

Finally the time to bulk changing my passwords has come.
I simply quoted the asterisk like this: pass update -p "/web/*/mydomainuser"

This worked, anyway it's pretty annoying process because pass asks..

Changing password for /web/site1/mydomainuser
oldpassword
mydomainuser
Are you ready to provide a new password? [y/N] y
Enter the new password for /web/site1/mydomainuser: ..
Retype the new password for /web/site1/mydomainuser: ..
[master 0ae8c50] Update password for /web/site1/mydomainuser to store.
1 file changed, 0 insertions(+), 0 deletions(-)
rewrite web/site1/mydomainuser.gpg (100%)

..and it repeat these lines for every founded password.
Plus, showing my old password is a non-sense because I do not need to see the old password and this costs me more sweat because of my Yubikey to be "touched" each time I had to decode something. This time could be saved if only it wouldn't show me my old passwords...

I know that probably this is because of pass itself and not your extension, but do you know how to make this process easier for me?
Moreover, is there a way to provide the new password ONE TIME only, not having to repeat it each time?

@roddhjav
Copy link
Owner

roddhjav commented Nov 3, 2017

You can speed up the process by doing:

pass update -m -f "/web/*/mydomainuser"

However, you will still need to provide the new passwords a lot of time. I don't plan to change this, because when using a password manager, we expect that all the passwords are different.

In your use case where this is the same user account, you should probably use password inheritance.

@roddhjav roddhjav reopened this Nov 3, 2017
@aventrax
Copy link
Author

aventrax commented Nov 4, 2017

Right, I missed the option -f ;-) With it it's less painful :-)
Your decision to do not implement bulk-same-pwd-changing might be right, but when the user is changing a domain password it's doesn't look the best choice. Fortunately I have only a dozen domain password used by company's sites through browserpass, so it is manageable.
I'll look into inheritance the next time (3 months), because at the moment it seems just a "discussion" on the mailing list...

Many thanks.

@aventrax
Copy link
Author

Hello, I'm here again because I found a better way to handle my domain password (the same on multiple web pages): The symlinks!

I created my user/pass as normal, then I manually create the relative symlinks on each folder I needed, than I add them to the GIT repo (manually). Links a managed by git, so on Linux I have no issues.

  • pass insert /others/domain_user
  • cd .password-store/web/blog.company.com/
  • ln -s ../others/domain_user .
  • git add domain_user
  • git commit -m "test symlink"
  • git push

Then, every time I need to change it, I only change /others/domain_user (not tried yet, but no reasons why it shouldn't work).

On windows I had the problem that GIT did not manage the symlinks, but only because I installed git scm without enabling "symlinks" during installation. Moreover, from Windows 10 creator update, the symlinks are enabled without special permissions, It only requires the "developer mode" enabled.

https://www.joshkel.com/2018/01/18/symlinks-in-windows/

So, here what I did on my Windows 10:

  • Developer Mode enabled
  • Git SCM with symlinks enabled
  • Environment variable MSYS=winsymlinks:nativestrict
  • git config --system core.symlinks true

Thats it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@roddhjav @aventrax