feat: support pass cred store #1070
base: linux
Signed-off-by: Shubharanshu Mahapatra <[email protected]>
) | ||
|
||
func (pia *passInitAction) initGpgKey() command.Command { | ||
passphrase := pwgen.GeneratePassword(passphraseLength, true) |
Since we're not even asking users to enter a passphrase, can't we do this behind the scenes? Should we instead have a mechanism that initializes the cred store whenever a user modifies their `creds_helpers` to include `pass`?
Deletion is problematic. I would prefer not taking responsibility for key management; if it's done with a command, the customer has responsibility to manage the key lifecycle.
We can still have the commands, but if the commands require 0 user input, I don't see the harm in doing it for them
I still feel that if we create it, the lifecycle is on us to manage, for example key rotation etc. If it is automatically done, Finch has to own the management of the key.
What's the purpose of key rotation for a key where we don't even care about the password?
If the key is compromised, we probably want to rotate it, and having a set time to rotate it probably makes it harder to breach within a certain time period.
passphrase := pwgen.GeneratePassword(passphraseLength, true) | ||
ecc := command.NewExecCmdCreator() | ||
cmd := ecc.Create( | ||
"gpg2", "--batch", "--passphrase", passphrase, "--quick-gen-key", "finch") |
Does this key expire after some default period?
The key doesn't expire; the key creation is owned by the customer, so they would need to remove it.
Issue #, if available:
Description of changes:
Feature to support pass cred store.
TODO:
Testing done:
Env:
Test:
License Acceptance
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.