1. 37

    I’ve been very happy with pass, a command-line tool that stores passwords and notes in a git repository. Being a directory of text files, it’s easy to use standard command-line tools on or tinker with programmatically. There’s a thriving ecosystem of plugins, tools, and clients.

    I also use autopass for autofilling in X applications. As time goes in, I fill in more and more autotype fields to check ‘remember me’ boxes and other non-standard fields. It’s really convenient. (One annoyance is that if any password files are not valid YAML, autopass errors to stdout without opening a window, so I hit my hotkey and nothing happens.)

    1. 11

      One more vote for pass, i’ve been a happy user for years now. Was missing a proper browser extension for it so I built one: Browserpass. It’s no longer maintained by me due to lack of time, but the community is doing a far better job at maintaining it than I possibly could so that’s all good!

      1. 10

        Pass looks pretty neat, but the reason I stick with KeePass(XC) is that Pass leaks metadata in the filenames - so your encryption doesn’t protect you from anyone reading the name of every site you have an account with, which is an often overlooked drawback IMO.

        1. 5

          Your filenames don’t have to be meaningful though. It would be relativity trivial to extend pass to use randomly generated names, and then use an encrypted key->value file to easily access the file you want.

          On the other hand, if someone already has that access to your device, accessing ~/.mozilla/firefox/... or analogous other directories with far more information is just as trivial, and has probably more informational value.

          1. 3

            Then youre working around a pretty central part of pass’s design, which I don’t really like. It should be better by default.

            wrt your second point, if you give up when they can read the filesystem, why even encrypt at all? IMO the idea is you should be able to put your password storage on an untrusted medium, and know that your data are safe.

            1. 12

              if you give up when they can read the filesystem, why even encrypt at all?

              Because in my opinion, there’s a difference between a intruder knowing that I have a “mail” password, and them actually knowing this password.

        2. 5

          The QR code feature of pass is neat for when you need to login on a phone.

          1. 2

            Huh, you made me read the man page and learn about this - it’s really cool! What’s your usage like for this though? Just use any barcode reader and then copy paste in the password box?

            1. 1

              A barcode reader I trusted, but yeah - its a good hack because I usually have my laptop which has full disk encryption.

              1. 2

                Yeah, when you said that all I could think of was the barcode scanner that I used to use where it would store the result of each barcode scanned in a history file… Not ideal :)

          2. 2

            Seems like the android version’s maintainer is giving up. (Nice, 80k lines of code in just one dep…)

            The temptation to nih it is growing stronger but I don’t have enough time :(

          1. 18

            I found that neovim is much, much faster than vim, with a comparable setup. I would highly recommend trying it. I have been using neovim for over a year now, it’s very good. A lot of high quality plugins are being written with support for only neovim now.

            Additionally, I would highly recommend fzf.vim over CtrlP and others. I have tried all of the major fuzzy finding plugins for vim, and fzf.vim is by far the fastest and works how I would expect.

            I stopped using CtrlP because in a large project (several hundred thousand files), searching for a small string “icp” would not find “app/models/icp.rb”, but would instead find longer and more irrelevant results. fzf.vim works as I expect in this case.

            You also never need to invalidate the cache, it rebuilds every time you search. It’s fast enough that you can use it to search all files on your computer. You can do locate / | fzf and it’s ready to go in a second or so (you can still search while it’s indexing). In normal projects it’s pretty much instant.

            tl;dr: use neovim and fzf.vim. All hail junegunn.

            Edit: Oh, and if you want to use ctrl-p to activate it, add this to your vimrc.

            noremap <c-p> :FZF<CR>
            1. 3

              Seconded, fzf is great. I didn’t yet know about the vim specific wrapper for it though, so thank you for that! This is part of why I love fzf, it’s not specific to vim and so I use it all the time, even when not inside vim.

              1. 2

                junegunn has made me love vim again. He’s tpope’s successor :-)

                1. 2

                  FWIW, OP was a neovim user.