As an alternative to that, written in Go and compatible to "pass", there's also https://www.justwatch.com/gopass/

The main difference is, that passmgr uses authenticated symmetric encryption (aes-gcm) to store the contents in a single file, while pass as you already mentioned stores each secret in a separate file, using asymmetric encryption provided by gpg.

Storing secrets in separate files could leak metadata, especially when using a public git repository for synchronization between devices.

Other than that, you dont have to deal with gpg key management in passmgr.

I did something similar with a project for Node.js called nermal[1], which comes with an example called `tagaloop` that I still use to store my passwords. Even though it had a bit larger of a scope (it is a library for encrypting/decrypting arbitrary JSON with AES-GCM + scrypt + random-length-padding), one of the examples is a password manager called `tagaloop`. It did not really get the sort of traction that I hope you're going to see -- good luck! Fortunately I can still call it a success because it has made my life much easier in many cases.

We both can make different choices and that's OK, but I'm happy to see as a design point that both of our password managers are interactive loops to avoid the history management of the shell. I will say, though, that my files routinely hold way more than 4 passwords and listing them all for the user to choose by number is not really appealing: so one of the biggest things that `tagaloop` does is that it just lets you grep through them at the interactive console. You might want to consider that as a very important feature.

[1] https://github.com/drostie/nermal

gpg key management, especially hooking into gpg-agent, seems like a feature, really.

I think there are many users or who dont want to setup gpg on multiple machines. I can also imagine scenarios where it is simply not possible to setup gpg on every machine. Maybe you could workaround such scenarios with portable versions of gpg or something like yubikey.

However i like the idea of having a single binary with a minmal set of dependencies, which can be moved around easily wherever i want to use it.

IMO Filenames being readable is not really a downside. How else would you recognize which passwords you need? In any other password manager you have a reference, when using pass you simple have a directory of encrypted files with a simple interface for access. I store them under lock and passphrase, a 4096bit rsa or ed25519 key, which is on an encrypted hard drive, and only accessible by a password protected user or root.

It's Unix Philosophy at it's purest, and the reason why I use it for my password management.

It depends on how you use it. As long as the identifiers are not visible to anyone else (like you described), its okay.

But if you sync your secrets across devices, using services that are not under your control, or your device gets stolen, more information than necessary got leaked.

You should store all the passwords in one file.

I love pass! I wrote this article on how to use it with the yubikey neo https://www.drupalwatchdog.com/blog/2015/6/yubikey-neo-and-b...

> Only downside that I've seen users mention is that filenames are readable.

People have made various pass extensions, by the way, to work around this.

I have been using pass since Feb 14 2015 (according to git) now, and that is the only thing that bothered me so far. Do you have a link to these extensions? I would be interested in that.

check out tomb https://github.com/roddhjav/pass-tomb