Comment by nickjj
1 day ago
I made the switch from pass recently too. I had ~400 secrets stored in it for almost the same time as you.
Ultimately I wanted something easier to sync between multiple devices. Now that I am traveling more seriously I can't get away with only having a few important passwords saved on my phone and laptop.
It was a lot easier to sync (1) file with KeePassXC and it has 2 well supported Android apps to choose from. It took me around 3 hours one day to manually move everything over, I took that as an opportunity to prune and refactor everything which is why I didn't use the CSV import feature.
Password managers for me are a "write occasionally, read frequently" app so it's pretty painless to shoot over 1 file over my local network to keep 3 devices in sync.
That's curious. I moved from KeePassXC to pass precisely because the synchronization story for the database file wasn't working so well. Too many times I ended up with an outdated database in the backend server because the sync process failed to work properly.
After I moved to pass, every credential became its own file and I rarely edited the same credential in way too many devices. For the rare conflicts I had, having it being Git made it possible to resolve them without massive hassle.
Then again, that was also many years ago. Maybe the synchronization story is better these days.
I didn't like the idea of pushing a pass git repo to a private GitHub repo.
For now I just temporarily drop the DB onto Google Drive manually (through the web site since I don't use the app) to quickly share it to the other devices without worrying about USB cables or running native apps on each device. Then I delete it from Google Drive.
I'm hesitant to use "sync" type of tools that run on each device because I don't have a central server. Also I really don't like the idea of running any type of cloud hosted network storage desktop app on each device to have a network drive.
We'll see how it goes I suppose.
I wonder if it'll involve writing a tiny shell script that I run on my desktop machine to handle syncing it across devices and it always ensures the latest copy makes its way onto each device. That would allow me to freely add new entries on any device and worry about syncing it across devices when I am 100% sure all devices are on the same local network. I think that will work out in the end.
I don't need real-time replication because if I'm on the road using my phone, I don't mind my desktop being outdated until I get back home.
> I didn't like the idea of pushing a pass git repo to a private GitHub repo.
I had the same reluctance at first, but after considering it was protected both with my gpg key and my passphrase, and private on top of that, I came to the conclusion it is fine for me. It feels assuring to have it in a remote location where it is safe if I have a burglary or fire or an accident like that. My keys are in a few secure locations too.
I would never upload it to GitHub either even though it's encrypted. It still leaks the metadata. And I don't believe in cloud anyway.
I just set up a simple git server in docker for it. Takes almost no resources.
KeePassXC combined with Syncthing is enough for me too.
I've been using this combo for many years and it's been working flawlessly across: 2 mobile phones, 2 laptops, 1 Synology server.