gopasspw / gopass

The slightly more awesome standard unix password manager for teams
https://www.gopass.pw/
MIT License

Onboarding wizard "Create a Team" option is confusing to the end user #480

Closed Zamiell closed 6 years ago

Zamiell commented 7 years ago

I decided to give Gopass another try on a fresh CentOS install on a VM.

Steps to reproduce: 1) Type the gopass command. Go through the entire wizard. Output is as follows:

[root@localhost ~]# wget https://github.com/justwatchcom/gopass/releases/download/v1.6.1/gopass-1.6.1-linux-amd64.rpm
[root@localhost ~]# rpm -i gopass-1.6.1-linux-amd64.rpm
[root@localhost ~]# gopass
It seems you are new to gopass. Do you want to run the onboarding wizard? [Y/n]:
[init] No useable GPG keys. Generating new key pair
[init] [gpg] Key generation may take up to a few minutes
[init] [gpg] Creating key pair ...
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Zamiell
Email address: zamiell@zamiell.com
Comment:
You selected this USER-ID:
    "Zamiell <zamiell@zamiell.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 39355665 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/39355665 2017-11-29
      Key fingerprint = B498 27AE F767 A662 4EAF  7BF4 3956 F95E 3935 5665
uid                  Zamiell <zamiell@zamiell.com>
sub   2048R/EA552C19 2017-11-29

 -> OK
[init] [gpg] Public key exported to '0x3956F95E39355665.pub.key'
[init] [gpg] Done
[init] Creating a new team ...
[init] [local] Initializing your local store ...
Please select a private key for encrypting secrets:
[0] 0x3956F95E39355665 - Zamiell <zamiell@zamiell.com>
Please enter the number of a key (0-0) [0]:
Use Zamiell (zamiell@zamiell.com) for password store git config? [Y/n]:
[init] [local]  -> OK
[init] [local] Configuring your local store ...
Do you want to automatically push any changes to the git remote (if any)? [Y/n]:
Do you want to always confirm recipients when encrypting? [y/N]:
[init] [local]  -> OK
Please enter the name of your team (may contain slashes) []: InfoSec
[init] [InfoSec] Initializing your shared store ...
Please select a private key for encrypting secrets:
[0] 0x3956F95E39355665 - Zamiell <zamiell@zamiell.com>
Please enter the number of a key (0-0) [0]:
Use Zamiell (zamiell@zamiell.com) for password store git config? [Y/n]:
[init] [InfoSec]  -> OK
[init] [InfoSec] Configuring the git remote ...
Please enter the git remote for your shared store []: https://github.com/Zamiell/test.git
Username for 'https://github.com': Zamiell
Password for 'https://Zamiell@github.com':
[init] [InfoSec]  -> OK
[init] [InfoSec] Created Team 'InfoSec'
gopass
└── InfoSec (/root/.password-store-InfoSec)

Ok, so far so good. Now, 2) Create a new password:

[root@localhost ~]# gopass generate foo/bar
How long should the password be? [24]:
Warning: git has no remote. Ignoring auto-push option
Run: gopass git remote add origin ...

Error: No clipboard utilities available. Please install xsel or xclip.
failed to write to clipboard
github.com/justwatchcom/gopass/action.(*Action).copyToClipboard
        /home/tex/src/go/src/github.com/justwatchcom/gopass/action/clipboard.go:15
github.com/justwatchcom/gopass/action.(*Action).Generate
        /home/tex/src/go/src/github.com/justwatchcom/gopass/action/generate.go:149
main.main.func32
        /home/tex/src/go/src/github.com/justwatchcom/gopass/main.go:496
github.com/justwatchcom/gopass/vendor/github.com/urfave/cli.HandleAction
        /home/tex/src/go/src/github.com/justwatchcom/gopass/vendor/github.com/urfave/cli/app.go:485
github.com/justwatchcom/gopass/vendor/github.com/urfave/cli.Command.Run
        /home/tex/src/go/src/github.com/justwatchcom/gopass/vendor/github.com/urfave/cli/command.go:193
github.com/justwatchcom/gopass/vendor/github.com/urfave/cli.(*App).Run
        /home/tex/src/go/src/github.com/justwatchcom/gopass/vendor/github.com/urfave/cli/app.go:250
main.main
        /home/tex/src/go/src/github.com/justwatchcom/gopass/main.go:1034
runtime.main
        /usr/local/go/src/runtime/proc.go:185
runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:2337

So two separate issues here:

1) Even though I specified a remote URL for Git during the onboarding wizard, it did not seem to stick. Any tips? Seems to just be a bug.

2) By default, if there is no clipboard available on the system, the program should NOT print out a 20-line error message to me. A more reasonable approach: how about it just gives a one-line warning? An even more reasonable approach: it writes "warnonnoclipboard: false" to the "config.yml" file after the first warning so that the user is not constantly spammed with warnings about not having a clipboard installed on the machine every single time they execute a gopass command.

These both feel like non-CentOS specific bugs to me, but if necessary I can confirm on other platforms.

dominikschulz commented 7 years ago

We'll be tracking 2. in #481.

But for 1. I'd like to ask you to run cd /root/.password-store-InfoSec && git remote -v. The code for initializing the git remote looks correct on first sight and even if there was an underlying error it should at least print an error.

Zamiell commented 7 years ago

Hey dom. Sure thing.

[root@localhost .password-store-InfoSec]# git remote -v
origin  https://github.com/Zamiell/test.git (fetch)
origin  https://github.com/Zamiell/test.git (push)

So why does gopass not think I have a remote?

dominikschulz commented 7 years ago

Oh, it took me a while to spot the mistake.

You didn't specify a git remote for your local root store, only for the team store (InfoSec) which should be mounted at InfoSec/. Later on you try to create a new password in the root store (because foo/bar doesn't start with InfoSec/). Obviously this root store doesn't have a remote so it can't push.

We can definitely discuss UX and documentation, but the implementation works as expected.

Zamiell commented 7 years ago

Ok, that makes sense. So in a team based environment, the user is expected to type the full team name as a prefix for every single gopass command? That seems rather cumbersome.

Reflecting on this, I think that in total, there are 4 use cases for gopass:

1) Users who ONLY use gopass for their team (.password-store-team)
2) Users who use gopass for their team + personal passwords (.password-store-team & .password-store)
3) Users who use gopass for two or more teams (.password-store-team1 & password-store-team2)
4) Users who use gopass for two or more teams + personal passwords (.password-store-team1 & password-store-team2 & .password-store)

The current scheme seems great for number 2, number 3, and number 4. But for number 1 it stinks. And wouldn't we expect number 1 to be the most numerous / default, especially considering the stated audience at the top of README.md?

Assuming I understand this problem correctly, I'll go ahead and begin to brainstorm some possible improvements here. The first thing that comes to mind is that gopass can actually dynamically detect use case number 1 at runtime, can't it? If .password-store is empty and only one .password-store-foo style directory exists, then it's use case 1. And then gopass would be smart enough to not require the team prefix.
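An added example (not gopass's own code) showing the two mechanics discussed in this thread: how a secret name such as foo/bar is routed to the root store unless it carries a mount prefix like InfoSec/, and the runtime heuristic proposed above for detecting the "one team store only" case. The function names, the mount map and the directory layout are assumptions for illustration.

```go
// Added example, not gopass's own code: prefix-based store routing and
// the proposed "single team store" detection heuristic.
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveStore picks the store directory for a secret name. mounts maps a
// mount prefix such as "InfoSec" to its store directory; a name with no
// matching prefix goes to rootDir, which is why "foo/bar" ended up in the
// root store. The longest matching prefix wins, so "InfoSec/sub" beats "InfoSec".
func resolveStore(rootDir string, mounts map[string]string, name string) (dir, rel string) {
	dir, rel = rootDir, name
	best := -1
	for prefix, mdir := range mounts {
		if (name == prefix || strings.HasPrefix(name, prefix+"/")) && len(prefix) > best {
			best = len(prefix)
			dir = mdir
			rel = strings.TrimPrefix(strings.TrimPrefix(name, prefix), "/")
		}
	}
	return dir, rel
}

// detectSingleTeam reports the lone ".password-store-<team>" directory under
// home when the root ".password-store" is absent or empty (use case 1 above).
// ok is false when the root store is in use or the team count is not one.
func detectSingleTeam(home string) (team string, ok bool) {
	if ents, err := os.ReadDir(filepath.Join(home, ".password-store")); err == nil && len(ents) > 0 {
		return "", false
	}
	matches, _ := filepath.Glob(filepath.Join(home, ".password-store-*"))
	var dirs []string
	for _, m := range matches {
		if fi, err := os.Stat(m); err == nil && fi.IsDir() {
			dirs = append(dirs, m)
		}
	}
	if len(dirs) != 1 {
		return "", false
	}
	return strings.TrimPrefix(filepath.Base(dirs[0]), ".password-store-"), true
}

func main() {
	mounts := map[string]string{"InfoSec": "/root/.password-store-InfoSec"}
	dir, rel := resolveStore("/root/.password-store", mounts, "foo/bar")
	fmt.Println(dir, rel) // the root store, as in the reporter's session
}
```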

dominikschulz commented 7 years ago

That is a pretty good summary, sounds correct.

Of course we also support use case 1. You can add a remote to your root store and use only this store. Then you don't need to prefix your secrets.

The current recommended way to bootstrap such a setup is to use gopass clone <team-git-repo>.

I think the only issue here is that we don't make this easy/possible with the onboarding wizard.

Right now we only offer three use cases in the wizard:
a) Local/Personal store only (w/ or w/o git remote)
b) Create a local store and a new team (w/ git remote)
c) Join an existing team (w/ git remote)

We offer no option to ONLY join an existing team. This should be easy to add if that would help you.

Your other use cases are of course also possible, but you'd first have to go through the wizard for the first team and then add additional mounts for the other teams.

Zamiell commented 7 years ago

I see. Ok, so it sounds like the onboarding wizard should expand the "Create a Team" option. After the user selects "Create a Team" from the menu, it should ask:

Will this team's password store be the only password store that you will use on this system?
If not, you will have to specify the team prefix before every gopass command. [Y\n]

And if yes, initialize it to .password-store.

Something along those lines?

Zamiell commented 7 years ago

And yes, entirely separately, the onboarding wizard should have an option to ONLY join an existing team.

stale[bot] commented 6 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.