Kacper Why edited this page Oct 7, 2015 · 18 revisions

Using revision control with CPM

Since the CPM password database is encrypted, we can safely check it into a revision control system like git to receive the following benefits:

  • securely access the password database from many computers
  • securely share passwords with other people
  • backups (passwords are stored centrally and on user nodes)
  • easy rollbacks
  • lock notification for multiple users
  • audit trail (who changed the password database)

CPM in git is useful when a group of people is sharing secrets in an organized way, but it also has advantages over regular CPM in a single-user setting, where you share your passwords with yourself across multiple machines.

Note however that since the database is encrypted we cannot see which passwords have been added/modified/deleted unless we decrypt the database.

When using a cpm wrapper script to access the database, the checkout/diff/checkin can be automated to the point where all you're interacting with is CPM.

Here is how to use CPM with git on Ubuntu and Debian:

First, set up CPM as per usual. Then, follow this scripted guide:

Create decentralized CPM

## Create a git repo
# create a git user
root@server# groupadd -g 617 git && useradd -g 617 -u 617 git
root@server# su git

# add users' keys to git's authorized keys
git@server$ mkdir -p .ssh && chmod 700 .ssh && cat me.pub you.pub him.pub >> .ssh/authorized_keys

# create a bare git repo on the _server_
git@server$ git init --bare --shared cpmdb.git

## setup your CPM database in git
# fetch the empty repo from a user machine (the clone lives in ~/cpmdb, which the wrapper below relies on)
me@mine$ cd ~ && git clone git@server:cpmdb.git && cd cpmdb

# import your cpmdb and cpmrc, dropping the leading dot (this is why the wrapper passes -f and -c to cpm)
me@mine$ mv ~/.cpmdb cpmdb && mv ~/.cpmrc cpmrc

# import the cpmgit wrapper (the quoted 'EOF' keeps $(...) and $RNDMSG from being expanded by the heredoc)
me@mine$ cat > cpmgit << 'EOF'
#!/bin/sh
cd ~/cpmdb || exit 1
git pull
/usr/bin/cpm -f cpmdb -c cpmrc
if [ -z "$(git status --porcelain)" ]
then
    echo "No change"
else
    # avoid leaking info about what is in store by automagically writing gibberish
    RNDMSG="$(dd if=/dev/urandom bs=100 count=1 2>/dev/null | tr -cd '[:alnum:]' | head -c 8)"
    git commit -am "$RNDMSG"
    git push
fi
EOF
me@mine$ chmod +x cpmgit

# commit and push the initial database and the wrapper (the first push sets the upstream the wrapper's "git push" needs)
me@mine$ git add cpmrc cpmdb cpmgit && git commit -m 'initial' && git push -u origin HEAD

# install the cpmgit script
me@mine$ mkdir -p ~/bin && ln -s ~/cpmdb/cpmgit ~/bin

## Run the script; create a cpm database if you had none yet, and add your group members' keys
me@mine$ cpmgit

## Use the 'cpmgit' script every day
me@mine$ cpmgit
## Wash, rinse, repeat

Caveats:

  • all users on the central server should be members of the group that owns the git repo
  • the central git repo should be shared to avoid permission problems.

Using decentralized CPM

If someone already has a CPM database in git they want to share with you, simply:

  1. clone the git repo
  2. install the script
  3. use cpmgit!

Recommendations:

  • use gpg-agent or gnome-keyring to avoid punching passwords too often.
  • CPM will refuse to open a password file signed by a key you don't trust. When you add a new member to the database, everyone else needs her key to read the new database, and they must trust these keys, otherwise CPM will refuse to operate on the database.
  • you can put your gpg private keys on GPG-smartcards for added security

For better results, trust the keys!

gpg --recv-keys ADHDAFG ASDAFAFH # import group members' keys
gpg --update-trustdb # give marginal trust to above keys

Offline CPM access

With this setup, if you are offline or the git server is inaccessible, the script will stall trying to fetch the newest revision of the password database. To get at your passwords when offline, do:

cd ~/cpmdb && cpm -c cpmrc -f cpmdb

If you make any changes you can commit them with git commit -am x, but since you are offline you are increasing the odds of causing a conflict: you do not have the most recent database available and you are not pushing your changes to the rest of the group.

Using multiple CPM databases

You might be sharing different passwords with different groups of people, and this technique makes group sharing easy: simply make a different git repo for each group, encrypt with different keys and make multiple scripts, each of which opens a different database. For instance, you can have cakecpm and muffincpm for sharing the cake and muffin secret recipes, respectively.

Upon the eventual conflict

If (or when) you get a commit conflict (git rejects your push), it means you added some passwords while someone else also added some, and the other guy beat you to the push. You haven't lost the passwords you added: they are still in ~/cpmdb/cpmdb. To get back to normal you should reset, pull their changes and then add your own changes again. Here's how to do that:

## open up cpmdb first and find your passwords, in case you forgot which password add/change caused the conflict
me@mine$ cpm -f ~/cpmdb/cpmdb -c ~/cpmdb/cpmrc
## reset the repo to the last pushed revision (the upstream branch), discarding your local commit and changes
me@mine$ cd ~/cpmdb && git reset --hard @{u}
## run cpmgit as normal
me@mine$ cpmgit
## add your passwords and push quickly now to avoid having the same problem!
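A hardened version of the cpmgit wrapper, added here as an example and not the wiki's own script: it gives up quickly instead of stalling when the server is unreachable (the offline case above), keeps a local commit rather than attempting a push while offline, and on a rejected push prints the recovery steps from this section. It assumes the layout from the guide (~/cpmdb holding cpmdb and cpmrc, overridable through the CPMDB_DIR and CPM_BIN variables introduced here) and git 2.3 or newer for GIT_SSH_COMMAND.

```shell
#!/bin/sh
# cpmgit, hardened variant (added example, not the wiki's own script). Assumes the
# clone is in $CPMDB_DIR (default ~/cpmdb) holding cpmdb and cpmrc as in the guide.
CPMDB_DIR="${CPMDB_DIR:-$HOME/cpmdb}"
CPM_BIN="${CPM_BIN:-/usr/bin/cpm}"
# Give up on an unreachable server after 5 s instead of stalling (git >= 2.3).
: "${GIT_SSH_COMMAND:=ssh -o ConnectTimeout=5}"; export GIT_SSH_COMMAND

# 8 random alphanumerics: the commit message must not reveal which entry changed.
random_msg() {
    dd if=/dev/urandom bs=1024 count=1 2>/dev/null | tr -cd '[:alnum:]' | head -c 8
}

# Fetch the newest database. --ff-only: a diverged history means someone pushed
# first, and git must never try to merge the encrypted blob. Fails when offline.
sync_down() {
    git -C "$CPMDB_DIR" pull -q --ff-only 2>/dev/null
}

# Commit if the database changed, push if online ($1 = 1). Returns 0 = done or no
# change, 1 = commit failed, 2 = push rejected (commit kept locally), 3 = offline.
sync_up() {
    if [ -z "$(git -C "$CPMDB_DIR" status --porcelain -- cpmdb cpmrc)" ]; then
        echo "No change"; return 0
    fi
    git -C "$CPMDB_DIR" commit -q -am "$(random_msg)" || return 1
    if [ "$1" != 1 ]; then
        echo "offline: commit kept locally, run cpmgit again when online" >&2; return 3
    fi
    if ! git -C "$CPMDB_DIR" push -q 2>/dev/null; then
        echo "push rejected: someone pushed first. Note your new entries, then run" >&2
        echo "  git -C $CPMDB_DIR reset --hard @{u}   and cpmgit again" >&2
        return 2
    fi
    return 0
}

main() {
    online=1
    sync_down || { online=0; echo "warning: pull failed, editing local copy" >&2; }
    "$CPM_BIN" -f "$CPMDB_DIR/cpmdb" -c "$CPMDB_DIR/cpmrc"
    sync_up "$online"
}

# Run main only when installed as cpmgit; sourcing the file just defines the functions.
case "$(basename "$0")" in cpmgit) main "$@" ;; esac
```

Install it as ~/cpmdb/cpmgit in place of the wrapper above; the exit code (0, 2 or 3) tells a calling script whether the push went through.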