Are there mechanisms for fully automatic synchronization on every file change and every initialization in the Android and console apps for password-store out of the box these days? Using Syncthing with password-store at the moment to get a user experience as close to that as possible. Had to switch from the Android app to Termux and the CLI because the app no longer supports usage with Syncthing.
Comment on Password manager woes. How have you solved syncing on Android?
BozeKnoflook@lemmy.world 1 week ago
I use passwordstore.org which is basically a bash script that wraps GPG; but there is an Android client as well.
Everything is stored in encrypted files tracked by git. Files are synchronized by git/SSH to a server I run.
nykula@piefed.social 1 week ago
BozeKnoflook@lemmy.world 6 days ago
There has to be, the PasswordStore app for Android can keep the GPG files in a storage location where other apps can read & write them. All you need is something to handle the synchronization.
I’m a control freak and prefer to do things like that manually, so I just use the built-in git & SSH based method it provides.
nykula@piefed.social 6 days ago
I remember the shared storage location functionality in the Password Store app but I no longer see it in any versions released since last year. That’s why I had to switch to Termux. Also a control freak, just a different kind 😅
versionc@lemmy.world 1 week ago
I actually used pass many years ago and I quite enjoyed it, except for the fact that the entry names are presented in clear text. You’d also have to manage your GPG secret which I’m not a fan of (in fact, my password manager is how I usually manage GPG and SSH keys in the first place). On the other hand, I guess you should keep a key file on each device on top of a passphrase even if you use a KeePass database, so I guess that point is moot. There is also no good way to include attachments. At that point Vaultwarden feels more convenient, but the more I’m thinking about it, the more I’m warming up to the idea. We’ll see, maybe I’ll give it a shot again. Thanks for sharing your thoughts!
BozeKnoflook@lemmy.world 6 days ago
That entry names are stored in plain text doesn’t bother me; if somebody has broken into my system so well that they’ve copied my password store then the last of my concerns will be if they can easily find out if I have a password stored for example.org or example.net. At that point it doesn’t matter if they can tell that I have a Jellyfin password stored, because that service is running on my server with clients installed on my phone & tablet.
And I handle key storage with a pair of Yubikeys which hold a copy of my private key. It can’t be extracted (only overwritten). There is a physical copy kept on offline, disconnected storage, which could be an attack vector – but if we’re at the point of somebody breaking into my house to target my password management then all bets are off: you don’t need to break my kneecaps with a hammer for me to tell you everything, I prefer to keep my knees undamaged.
For attachments I just add another entry; /services/example.org-otherThing - there’s nothing stopping you from encrypting binary data like an image.
And when it comes to convenience: I have a set of bash scripts that use Wofi to pop up a list of options and automatically fill in data. Open example.org, click the login field, hit meta-l, type example.org, hit enter and wait a moment: it’ll copy and paste the username, hit tab for me, then copy/paste the password, then copy a bunch of random data into the clipboard buffer like 10 times before copying an empty string another hundred times to flush said buffer. meta-f for username only, meta-g for password only; it’s honestly way more convenient for me than the 1Password setup I use at work.
I understand the point the video is making, but I think it’s irrelevant if you keep the private key on something like a Yubikey.
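To make the entry-name discussion in this thread concrete, the following added example (not part of any comment above and not code from the pass project) lists what a copy of a store exposes without the private key: entry names, file sizes and, going one step beyond what the thread mentions, the recipient key ID carried in each file's OpenPGP header. The store contents, the key ID and all function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def pkesk_key_id(blob):
    """Return the recipient key ID (hex) from a leading OpenPGP PKESK packet, else None."""
    if len(blob) < 2 or not blob[0] & 0x80:
        return None
    if blob[0] & 0x40:                      # new-format header: tag in low 6 bits
        tag, first = blob[0] & 0x3F, blob[1]
        hdr = 2 if first < 192 else 3 if first < 224 else 6 if first == 255 else None
    else:                                   # old-format header: tag in bits 5..2
        tag = (blob[0] >> 2) & 0x0F
        hdr = {0: 2, 1: 3, 2: 5}.get(blob[0] & 0x03)
    if tag != 1 or hdr is None or len(blob) < hdr + 9 or blob[hdr] != 3:
        return None                         # not a version-3 PKESK packet
    return blob[hdr + 1:hdr + 9].hex().upper()


def store_metadata(root):
    """Collect (entry name, size, recipient key ID) without decrypting anything."""
    root = Path(root)
    entries = []
    for path in root.rglob("*.gpg"):
        if ".git" in path.relative_to(root).parts:
            continue                        # skip git internals
        head = path.read_bytes()[:16]       # only the packet header is needed
        name = path.relative_to(root).with_suffix("").as_posix()
        entries.append((name, path.stat().st_size, pkesk_key_id(head)))
    return sorted(entries)


def build_constructed_store(root):
    """Constructed sample: random bytes behind a PKESK-shaped header, no real secrets."""
    key_id = bytes.fromhex("0123456789ABCDEF")           # constructed key ID
    body = b"\x03" + key_id + b"\x12" + os.urandom(40)   # v3, key ID, algo 18 (ECDH)
    packet = bytes([0x84, len(body)]) + body + os.urandom(64)
    for entry in ("services/example.org", "services/example.org-otherThing"):
        path = Path(root, entry + ".gpg")
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(packet)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_store(tmp)
        for name, size, key_id in store_metadata(tmp):
            print(f"{name}  {size} bytes  recipient key ID {key_id}")
```

Pointing `store_metadata` at your own store directory gives the same view of it that anyone holding a copy of the files or the git remote would have.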