Indeed I am working on WireGuard. But I haven't forgotten pass. We're currently working on a new release.
> the project proved to be a wild bunch of hotwired bash scripts that mostly looked like they were written as a one-off job
I very much disagree with this silliness.
> Multiple gpg-ids may be specified, in order to encrypt each password with multiple ids.
That should technically reduce security, when encrypting the same secret with multiple IDs, as it gives a potential attacker more data to work with.
I suggest adding some randomness when encrypting with each key and having pass hide it from the end user when decrypting.
We use Go for almost everything at JustWatch and that's why we decided to rewrite it in Go as this would allow us to add even more features with better abstraction in the future. Bash just didn't feel like the right fit for that.
Reading the description for gopass, you point out:
> There is one slight drawback to all the simplicity, and that is an information disclosure inherent to the design: pass stores all folder and file names in clear text, so even if you fully trust GPG, you should probably not put this repo into a public place like Github, because this may expose your account names and other metadata."
What's not completely obvious from a cursory read is whether gopass improves upon that. Also, the multiple stores feature looks like it might be quite nice, but a lengthier example would be very helpful!
But I don't want to spend my time writing bash and sending patches by mail.
I'm very curious to see how this will stack up against those solutions because, to be honest, there is very little room for improvement from 1Password, in my eyes. They have a very, very solid and secure product and the UI is fantastic.
I have one desperate request; colour output as an option.
Every time there is an update to pass (or I need to reinstall) I need to edit the file and change the options from " tree -C " to " tree -n "
This is a pain in the ass.
I am visually impaired. The 'default' dark-blue that tree uses for directories is unreadable to me.
My two choices for dealing with this are to use DIRCOLORS or edit the pass executable. I'd prefer to not muck about with my environment settings. (as I do not normally see any colour output)
Anyway; awesome project!
I just created an issue for that. Shouldn't be that hard to support it. Feel free to subscribe to the issue on github or comment any thing that's missing. Thanks!
https://chiselapp.com/user/rkeene/repository/hunter2/
Can you elaborate on the differences between how gopass and QTPass accomplish these things and why one might want to choose gopass instead?
Be 100% pass compatible
Storing binary files in gopass (almost done)
Storing structured files and templates (credit cards, DBs, websites...)
UX improvements and more wizards
Tackle the information disclosure issue
Build a great workflow for requesting and granting access
Better and more fine grained ACL
Be nicely usable by semi- and non-technical users
My concern with using something like this or pass is that I have to manage the distribution/backup of the store/vault/db myself - whereas I can throw my laptop off a cliff, buy a new one, login to Keybase, and my passwords are still there.
https://github.com/ejcx/passgo
The difference is mine does not use PGP and is instead password based, but the command line interface is almost identical. I now use passgo to encrypt and manage my ssh keys, etc.
Gopass seems great, especially the multistore support (which you can do w/ pass by setting an env variable), thank you for your work!
https://github.com/justwatchcom/gopass#autocompletion
Would be cool if it could leverage a GitHub public repo for password updates. Something like using the list of collaborators on a repo, iterate over their GH public keys, and push new encrypted files for each collaborator on the repo.
I suppose though, this would leak a lot of metadata on how the tool is being used, and would tie it too closely to GitHub vs just git.
It's literally a port of an existing tool, so a tool DID exist.
There was TeamPass, which was buggy as hell and shouldn't be touched with a long pole... ...but why is there nothing else?
Where can i donate twice my yearly LastPass fee to get something self-hostable opensource and fund their Audits?
And no, Keepass in Dropbox/NextCloud/WhateverStorage doesn't work for a company that has Non-IT People needing access to passwords.
http://rattic.org/
Another unmaintained one is mitro
https://github.com/mitro-co/mitro
I'd love to open source my self-hosted team password manager, but I just don't know how to afford it.
(Mobile OS clients are on the roadmap.)
Vault's sweet spot is automated generation and revocation of credentials which are given to authenticated clients (like creating a one-off keypair for an SSH session & giving the private part to the user and allowing the server to read the public part).
We're currently testing the waters of migrating our pass-like shared password store to vault (so we can grant authorization to automated scripts to read certain shared rotated creds).
This is my concern with pass. It's an awesome tool, but it really needs to figure out a way to hide the filenames. I think this is doable (after all, encfs has the same need, and does it well), but I don't know if the pass team have the will to do it.
> First, the project is curated in a traditional mailing-list based approach that was pretty unapproachable compared to a modern Github based workflow.
Sigh, not this again. I think that I prefer email vice a proprietary, centralised single point of failure like GitHub, and I know that I'd rather not work with someone who considers email unapproachable.
If your email account is unmanageable, fix it. Email's a really, really valuable tool; don't let go of it.
It's just more exposure to put it on GitHub right now because most people bookmark/star there repositories there and don't want to bookmark different cgit/Gitlab/gogs/gitea links. I don't think anyone is abandoning emails just because they don't want to email patches around and manually apply them.
