I tried using pass once. I like that it follows the Unix philosophy, and I want to like it, but the fact that all of your account names are visible in the clear is a deal breaker for me.
replyI'm interested in this, what do you use to host the git repo? Just a private repo on something like github or your own server? How do you backup your private key?
replyI also use pass. Any forge you feel like is fine (I use gitlab). I backup my gpg key with `gpg —export-owner-trust` and store that backup elsewhere.
replyPass has a pretty good ecosystem of plugins/other clients, as well. There are open source iOS/Android clients and browser extensions so once you’re setup the day-to-day experience is not far off from any of the popular hosted password managers.
My only real issue is the dependency on gpg, as it’s pretty long in the tooth and a hassle to operate. (If you are not comfortable using gpg, spend some time learning that before you go all-in on pass!) There’s a fork[1] which swaps gpg for age, but it hasn’t attracted enough attention to get a similar ecosystem of mobile clients/browser extensions, so it’s not a very practical choice IMHO.
I don't think Age will catch on as a replacement until it has a gpg-agent equivalent to facilitate access.
replyI run Gitea on my own server. (I didn't switch to Forgejo because it's not in the Debian repositories.) I don't have a backup of my private key... I should do that.
reply+1 for pass! I use this on my VPS to store secrets. I love that it syncs with GIT. Good stuff
replyI have used this for almost 10 years now. It's pretty barebones but it seems like the usable lifetime of commercial password managers is 4-5 years before they get enshittified, bought, discontinued, price-jacked, or otherwise made unsuitable for use. "pass" just keeps working.
reply