I used pass for many years and loved it. I sync'd my password store between 3+ devices including my Android phone using a git remote. I don't recall the exact reason - maybe the pass android client I had used for years went away? I decided to find the next best option and settled on keepassxc and KeePassDX. The backing store is a binary blob but it does surprisingly well via syncthing: autoupdate works and in the event of a conflict the db merge feature hasn't yet failed me.

Granted on the desktop I find using a (qt especially) GUI more invasive than a terminal but at least on the Android side the app is quite good.

Happy pass user for ~8 years now, have ~1300 passwords stored. No issues whatsoever. Use git to sync it across devices, totally awesome.

I have heavily used Pass over the years. Here are some of its pros (an update to my comment several years ago):

* Your secret key can be stored in Yubikey, handled by a dedicated OpenPGP agent. This allows deriving a strong key from a weak one. Your password is basically a short PIN with max 3 tries. Every password retrieval can require a physical touch. This is convenient and secure!

Pass makes sense if you use it with a hardware key, with touch enabled. With this setup, it’s hard to beat its security.

* It uses public key cryptography, and comes with its advantages. You don’t need your master password to add/encrypt passwords. You only need that for decryption. Less exposure of master key, and more convenience.

For that reason, it’s well suited to share passwords with other people or devices. You can encrypt to multiple public keys. This adds multi user and device support.

You can easily add a backup offline public key (which you may print) if you lose your Yubikey.

* You can decrypt a single password without decrypting and exposing other passwords. The passwords are isolated, if you use Yubikey.

* Searching passwords is quick and transparent. You easily see what is in your store.

* You can use it programmatically, eg, your backup script can grab a password from the store.

* It’s a short bash script that you can verify, and delegates encryption to a dedicated well-audited cryptographic tool.

* PGP is a standard, and GPG and git are widely available. There is no database to break or migrate. You can read your passwords anywhere and in the future.

* The script is written by the creator of the acclaimed Wireguard!

There are also cons.

* Some people don’t like that it leaks metadata (filenames, and password tree), though there are versions of pass that fix it.

* Lately gpg is causing some troubles with Debian Trixie. GPG agent frequently locks the Yubikey and requires restarting pcscd (probably due to conflicts with pcscd). There is a similar tool Passage using Age, maybe that solves it.

* There are mobile apps, but they are not as frequently updated as something like Bitwarden apps (which has client for every OS, and frequently fixes bugs and adds functionality).

* I haven’t used and not sure how good browser support is.

Here is a post on a similar password management with GPG replaced with Age

https://words.filippo.io/passage/

I've been doing basically this for many years now.

Each password file is AES-encrypted with my master password.

I copy the whole vault around between machines with rsync.

When I run 'password bank' a shell script searches ~/private/Passwords for files that contain ‘bank’ and offers a menu, then gpg-decrypts the file I selected.

I also use this for scans of my passport, recording my bank account numbers, and anything else I want to keep around.

I thought I was the only one, and now I've found out there are thousands of us!

Pass might work if you really like terminals and only use computers with a Unix-like OS. But if you use a phone, or Windows, pass is just too clunky to use.

Huh, I thought pass wasn't developed anymore for some reason. Glad to see it still is!

Related: https://github.com/gopasspw/gopass

I haven't used pass in a long time, but I used gopass for a while in a small team and it was pretty great.

I like pass and use it a lot, especially as it provides a good and safe backup for the case my vaultwarden instance goes up in smokes.

There is also a drop-in replacement with has some extra features and a bit better UX in some parts, personally I only really use it for the better support for handling multiple GPG keys, as I got some physical backup keys and it can be also nice teams for a shared vault.

https://www.gopass.pw/

https://github.com/gopasspw/gopass

Pass is great, but GPG keys are complicated and add a lot of extra overhead if you don't have one already. Frankly I cannot recommend anyone use GPG today for any purpose. I wrote a much simpler CLI password manager instead that meets explicit security models.

https://codeberg.org/jwgarber/napa/src/branch/main/database....

I have twelve ISBNs that I encrypt for passwords.

Depending on which genre, managing key-rings has element of physical security to encrypt signatures in terminal and bash shell.

For full disk encryption, genfstab and /boot/grub/grub.cfg should contain sigs for partitions.

This is the wirgeuard dude. Jason is one of the GOATs