[adilparvez]

You can use a hash of the site appended with a .pass wide pepper as the name of the directory storing credentials for a particular site, then use a wrapper script that hashes its input before passing it to pass.

Also full disk encryption.

[omtose]

This is all a lot of effort, if I went down that road I might as well skip "pass" and handle the passwords myself. What I like about pass is that there isn't much setup.

Full disk encryption also doesn't prevent a running application from seeing the directory structure. But I guess this is not a very realistic attack vector.

[adilparvez]

Yes, under that threat model you would lose with all of these password managers.

[omtose]

How so? If the entire directory structure is also encrypted then no program can easily know which sites or services I have passwords for.

[adilparvez]

I was meaning if your machine was compromised.