You can't encrypt new passwords to it, but you can still read old ones that are encrypted to it.
> what’s the right way to share passwords between multiple machines — can i just clone the ~/.gnupg folder, do i need to `export` and then `import` the keys? should i create subkeys for each machine?
if the keys are on a hardware smartcard like a Yubikey, I just reuse the key. if not, I use separate keys for separate hosts and encrypt my pass secrets to all of them using the .gpg-id files
> anyway, i’m using SOPS now
I think SOPS is awesome, too! it's my favorite way to securely store secrets in IaC projects
You can't encrypt new passwords to it, but you can still read old ones that are encrypted to it.
> what’s the right way to share passwords between multiple machines — can i just clone the ~/.gnupg folder, do i need to `export` and then `import` the keys? should i create subkeys for each machine?
if the keys are on a hardware smartcard like a Yubikey, I just reuse the key. if not, I use separate keys for separate hosts and encrypt my pass secrets to all of them using the .gpg-id files
> anyway, i’m using SOPS now
I think SOPS is awesome, too! it's my favorite way to securely store secrets in IaC projects