pass team - An extension for pass(1) which allows team members to share passwords among each other using Role-based Access Control.
pass team --version
pass team [--help|--debug] COMMANDS...
pass team init ([--trusted] <gpg-key>)...
pass team role list [--format=pretty|--format=one-line]
pass team role (show|add|remove) <role>
pass team role (assign|unassign) <role> <gpg key>...
pass team share list [--format=pretty|--format=one-line]
pass team share (show|unset) <shared dir>
pass team share (add|set|remove) <share dir> <role>...
Pass team is an extension for pass - the standard unix password manager (https://www.passwordstore.org/).
Pass team allows team members to use pass as the password store for both private and shared passwords and distribute shared passwords among each other using Role-based Access Control.
Intialize the pass team extensions and use the given as pass team managers. The pass team managers are responsible for managing the roles and shared directories. Managers who are `trusted' will also be added to every share (and thus will be able to read every password). This is handy when passwords need to be reencrypted often because of changing roles or shares.
The --trusted flag always affects the first directly following gpg-key.
Commands for adding, removing, assigning role and more.
List all known roles. The `pretty' format is the default and it is intended for human readers. The `one-line' format will print all roles space-separated in one line.
Show the role and the assigned gpg-ids.
Create a new role in the team.
Remove the role from the team
Assign the given role to all gpg-ids.
Unassign the given role from all gpg-ids.
List all shared directories. The `pretty' format is the default and it is intended for human readers. The `one-line' format will print all shared directories space-separated in one line.
Show all roles which have access to the given directory.
Add the roles to the shared directory. Same as `pass team share set' if the directory has not been shared previously.
Add the directory to the list of shared directories and share it with all of the given roles and remove any other roles from this share.
Remove the roles from the shared directory. `–all' removes the shared directory completely. If the directory is not being shared with any role anymore, the directory is removed from the list of shared directories and all passwords are reencrypted for the local password store.
Alias for `pass team share remove –all'.
Copyright (C) 2021-2022 Timm C. Fitschen t.fitschen@indiscale.com
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.