nevi.dev

My Password Manager - Background

My current password manager is pass. It has served me well for quite some time, but it does not scale all that well to multiple devices. Its git integration may allow me to synchronize passwords across devices, but it has several downsides:

  1. It reveals the list of secrets (and other metadata) to every single device. I do not want to share my personal accounts with my work machine, but I cannot completely separate the password stores, since some passwords are shared.

    Furthermore, implementing proper access control is possible, but fragile and definitely not a built-in feature of this setup.

  2. I need to manage GPG keys across multiple devices. It is possible to use multiple keys with pass, but handling one GPG key properly is hard enough; trying to handle multiple keys (some in a possibly hostile environment) is fraught.

Thus, I decided to write my own password manager. I am still figuring out the specifics, though.