Pass Transit or gnu-pass-transit, whatever is the title you're more satisfied
with, is a small and fairly simple script that allows you to package your GNU
Pass storage (didn't test with multiple) and re-encrypt every single password in
it to allow you to, say, share one or sync the password storages with an another
computer of yours without the tedium of doing it manually for each one or the
anxiety of doing it in plaintext.
It's fairly simple. First off, you can use it by its relative path:
./gnu-pass-transit
Secondly, you can send this thing up your /usr/local/bin or anywhere on your
path, don't forget to chmod 644 it afterwards.
To actually use it, you have to have these pre-requisites:
-
shredmust be present on yourPATH. You can disable shredding by setting__DO_SHREDin the file toFalse, though that is to say, user discretion is advised. -
GNU
pass, obviously. -
If you're on a recieving side, you just have to have a GnuPG pair. Public key is, as per usual, given to the sender. Sender re-encrypts the passwords with it and gives you a gpg-ed tarball that contains the passwords they have sent.
-
If you're on a sending side, you get the public key, probably provide a list of passwords you want exported, and send a tarball to the recipient.
So, actual export of the storage is done this way:
./gnu-pass-transit -r their-email@foo.bar
If you want to select the passwords before actually doing it, you can do this:
./gnu-pass-transit -r their-email@foo.bar -e passname1 passname2
Once the export is done, the resulting encrypted tarball will be placed at
$HOME/.local/share/pass_export, the *.tar.gz.gpg one, yep.
Just do it like this:
./gnu-pass-transit -r my-key-email@bar.baz -i yourtarballhere.tar.gz.gpg
If a collision is detected, you'll be given an option to decline the overwrite or to go through with it, it's your call.