
What about pass (http://www.passwordstore.org/)? No "funky file formats" -- just GPG and a convenient CLI.



There are two things that bug me about pass:

* Website names are stored in plaintext filenames and directory hierarchies. No confidentiality and no integrity guarantees for those.

* It uses GPG's public-key encryption instead of symmetric-key encryption. This integrates well with gpg-agent but it means that you need to carry a gpg private-key file around with you instead of just remembering a passphrase.


May I politely point out https://github.com/catch22/pw, which solves the first issue by using a single password database instead of a subdirectory (for the reason that you mention).


> carry a gpg private-key file around

You could get a yubikey (or other gpg smartcard) ;)


May I offer my very recent blogpost on pass + yubikey neo https://drupalwatchdog.com/blog/2015/6/yubikey-neo-and-bette...


"It's capable of temporarily putting passwords on your clipboard and tracking password changes using git."

Holy moly, that's awesome. I think I'm gonna drop keepass for that.


Been using it for a month now, it's fantastic.


Do you use any syncing mechanism, e.g. syncing to a repo on GitHub? The format should lend itself to using some remote git repo, but I'm still afraid of the implications of having my passwords in the wild, even encrypted with GPG.


I push it up to an encrypted disk on my VPS behind an ssh connection.

The only people with access to the host are trusted people.

The only way ssh access works without a key is from certain trusted networks. (over a vpn only)


I'm using pass, and like it.


started using pass a few months ago, never looked back



