gopass is a password manager for teams using GPG+GIT.
vault is a tool for managing secrets in modern computing environments.
From this blog post we learn how to create a token helper, allowing vault not to store its tokens on the filesystem but on a more secure storage area.
An example project, by Seth Vargo, implement an helper allowing vault to store its tokens to OSX Keychain
This project, implement an helper allowing vault to store its tokens to Gopass.
A properly installed gopass ( >= 1.6.2 is required )
Also, vault tokens are not meant to be shared, so the vault helper stores the token in a private/ folder which can be a mounted store (handy if you only have 1 store setup and shared with your teams -- which may represent most gopass setup) :
# create a new store and mount it
gopass init --store private --path /path/to/your/new/store
# or mount an existing store
gopass mounts add private /path/to/your/exising/store
Start a server and update your ~/.vault file to use a custom token helper
$ ./demo.shKill the demo server and cleanup folder
$ ./demo.sh cleanSuccessfully tested on Ubuntu Xenial