I enjoy the idea of plaintext files and pure pgp, but
- the hassle of setting up a new computer
- the hit-miss integration with Firefox on linux
- the impossible integration with Firefox on windows
- the leaking of metadata through the directory structure
I am just not sure it's worth it anymore. Security is not simply about cryptography. It's also about ease of use. If too complicated, you'll just start working around the system.
@yarmo Thank you! I have the same mess. But I started with pass (gopass). I like the idea, since it's so simple. But setting up the client on each device, getting pgp keys everywhere... I think I will move to bitwarden as well. But for small groups who need to share passwords or secrets in general, I think pass is a straight forward alternative.
@yarmo I can highly recommended to use pass and bitwarden as a combo.
Bitwarden is perfect for web passwords but at the same time subject to browser security. So for passwords that are used frequently and can be easily recovered, perfect match.
Pass on the other hand is perfect for scripts, automation and low frequency secrets like 2FA recovery keys. Also, due to being outside of the browser context it's also ideal for high security passwords especially when using smartcards.
@yarmo I actually elaborated on the topic a while ago:
Just in case you didn't read already ^^ but above is the TL;DR :D
@sheogorath @srs @yarmo nice discussion. and that is a nice blog post too. i use pass and it's great for me and enough. except when sharing credentials with other people and groups. have tried to look into selfhosting (cloud is for me an absolute no-go) bitwarden for that but it's pretty involved. had big hopes for bitwarden_rs but it depends on docker for building the debian package (c'mon... wtf).
@yarmo 😅 I've integrated pass nicely on my workflow after... years using it... directly from terminal (bash autocomplete) with no browser plugins, and app.
👍 Yes, it might not be the most convenient in some situations, but I keep it sync with #nextcloud so new devices are not a problem
good luck with #bitwarden
@yarmo I've been enjoying bitwarden a couple months, and I like financially supporting an open source project.
Keepass in Seafile worked well for the pas few years, but browser integration with bitwarden is just miles ahead.
They also have a CLI that could perhaps be used for automation tasks, but iirc the vault unlock process was a bit onerous...
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.