In the Linaro Infrastructure team we have several shared credentials for external services used by one or more of the projects we maintain. Recently, Paul started a discussion about the best way to store those credentials securely while still making them accessible to everybody in the team. We agreed that one reasonable way to do so would be to store them in a gpg-encrypted file (with keys from each of us), stored in a private branch in Launchpad, so I cooked a small script which will decrypt a file, open it in your favorite editor and encrypt it again once you're done. I'm sharing it here as I figure it might be useful to somebody else.

In its current version you have to specify the name of the Launchpad team for which the file will be encrypted, but it'd be trivial to change it to either use just your own key or a set of keys you pass to it. Also, since it gets the list of people for which the file will be encrypted from Launchpad, it takes a few seconds to complete after you're done editing. Oh, and you'll be asked to confirm the keys belong to the people you want to share the file with, so do yourself a favor and double-check them before hitting 'y'.

Read more