> With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password.
What the password goes to can potentially be _very_ sensitive. One of my side projects is a keyring manager; similarly, it feeds the data through GPG. However, the keyring is one file (i.e., all the stuff is rolled together). I also disagree with the design choice of taking the names of the objects on the keyring as a command line argument: they end up in history files. (This is the same argument, really; if you consider the name of the object on the keyring to be sensitive, then you don't want it as a filename (it's not encrypted) or as an arg (it's in a history file… not encrypted).)
> With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password.
What the password goes to can potentially be _very_ sensitive. One of my side projects is a keyring manager; similarly, it feeds the data through GPG. However, the keyring is one file (i.e., all the stuff is rolled together). I also disagree with the design choice of taking the names of the objects on the keyring as a command line argument: they end up in history files. (This is the same argument, really; if you consider the name of the object on the keyring to be sensitive, then you don't want it as a filename (it's not encrypted) or as an arg (it's in a history file… not encrypted).)