Replies: 1 comment
-
|
That is a tricky question. Back in the days my employer was also considering to use Vault and that's why I built that backend. Also at some point we started to acomodate for people packaging gopass and especially Debian is very annoying in that regard. It requires every single dependency to be packaged - even for a statically complied go binary. So cutting dependencies has been - and still is - a design goal. I still hope we might get it into the offical debian archive at some point. |
Beta Was this translation helpful? Give feedback.
-
Hi.
Recently we have moved the company secrets from gopass to vault. The main reason was the need for more fine grained permissions and a log for access. Also, the process to add and remove people was quite expensive in terms of reencrypting, which usually failed in some files, because of gpg, and need a couple of fsck to solve it.
GPG could also be complicated for the not experienced user, keys expiring too soon, not moving the keys when changing the computer, creating multiples keys.
And users were using all kind of wrong formats inside of the files, making it harder to use.
All that said, I still think gopass is great and I want to keep using it.
Vault allow us to have that fine grained control, logs, sign ssh keys, integrate with k8s, etc, but misses a nice cli.
I have hacked some read-only interface with fzf, faq and some other vault clients, but it's not clean and misses the edit/create part.
So I was thinking too add vault as a backend. I saw this PR from 4 years ago removing it: #1282.
So my question is, would a refactor of that backend be accepted? Maybe now it's gopass too attached to gpg+git that would be impossible/impractical?
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions