by Sir_Cmpwn 3381 days ago
I can't help you with #4, but I've been a pass user for a long time: https://www.passwordstore.org/

It encrypts your passwords with your GPG key and stores them in a git repository. You can of course easily extend this to do a lot of different things.

I also wrote this tool for automating password rotation:

https://github.com/SirCMpwn/pass-rotate

1 comments

It's easy when you're the only user. Pretty tricky when you want to share entries among different groups of users.
My password manager, hunter2 ( https://chiselapp.com/user/rkeene/repository/hunter2/ ), supports multiple users. Each user is identified by their public key and the DB is a plain text file that can be easily managed in your version control system.
I haven't used this (pass works fine for my use case), but Gopass was on HN a bit ago:

https://www.justwatch.com/blog/post/announcing-gopass/

One of the claimed features is "multiple stores: Combine several work teams and your private store!"

Keyringer is software that does exactly what I think you need, in a similar way to the parent's suggestion (gpg over git):

Keyringer: encrypted and distributed secret sharing software https://keyringer.pw/

Isn't sharing passwords a bad thing to do in general? Each user should have a separate account/identity and manage his own secrets.
There are endless online services which only allow one user per logical account. In fact I would say the majority of them do it.
So why not create multiple accounts? ToS usually advises against sharing credentials.
Because sometimes you're trying to manage a single resource.

e.g. I know some phone/sms services that only let one account manage a phone number or something.

Also, sometimes account licences are absurdly expensive.

There are some services that, even though we have (say) 50 licenced users, also want us to have licences for each admin. We're not spending $50k/year just so we can each log in once or twice a year to fix/configure something for someone.

But then there's netflix (and probably the same problem of multiple users/one credential for hulu, hbo go, whatever else).
It's probably an afternoon project to get that functionality. Since it's just a git repo, that much is easily shared. GPG supports encrypting messages for multiple recipients. Since pass is simple and open source it should be quite easy to add what you need. Send your patches upstream, I'm sure that others would find them useful too!
Although I haven't tried it myself, it looks like pass already supports this using the PASSWORD_STORE_KEY variable in the set_gpg_recipients() function. [0]

[0] https://git.zx2c4.com/password-store/plain/src/password-stor...

Or just put key IDs in a .gpg-id file:

Initialize new password storage and use gpg-id for encryption. Multiple gpg-ids may be specified, in order to encrypt each password with multiple ids. This command must be run first before a password store can be used. If the specified gpg-id is different from the key used in any existing files, these files will be reencrypted to use the new id. Note that use of gpg-agent(1) is recommended so that the batch decryption does not require as much user intervention. If --path or -p is specified, along with an argument, a specific gpg-id or set of gpg-ids is assigned for that specific sub folder of the password store. If only one gpg-id is given, and it is an empty string, then the current .gpg-id file for the specified sub-folder (or root if unspecified) is removed.

-- https://git.zx2c4.com/password-store/about/

EDIT: Better formatting
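The two comments above describe the rule pass uses to decide who a secret gets encrypted to: the PASSWORD_STORE_KEY variable overrides everything, otherwise the nearest .gpg-id file, walking up from the entry's sub-folder to the store root, supplies one key id per line. The following is an added example, not code from password-store (which implements this in bash in set_gpg_recipients()), that models that lookup in Python so you can see which recipients a given entry would end up with before anything is encrypted. The helper name resolve_recipients, the constructed temporary store, and the sample key ids are all assumptions made for the example; the check that an entry path cannot escape the store root is an extra defensive step, not something the thread claims pass does in this form.

```python
import os
import tempfile
from pathlib import Path


def resolve_recipients(store_root, entry_path, env=None):
    """Hypothetical helper (not pass's own code): return the list of GPG key ids
    that the entry at entry_path (relative to store_root) would be encrypted to.

    Rule modelled from the pass documentation quoted in the thread:
      1. PASSWORD_STORE_KEY, if set, wins (whitespace-separated ids).
      2. Otherwise the nearest .gpg-id file from the entry's directory up to the
         store root is used, one key id per line, blank lines ignored.
    """
    env = os.environ if env is None else env
    override = env.get("PASSWORD_STORE_KEY", "").split()
    if override:
        return override

    root = Path(store_root).resolve()
    current = (root / entry_path).parent.resolve()
    # Defensive check added for the example: refuse entries such as "../x"
    # that would make the walk-up read a .gpg-id outside the store.
    if current != root and root not in current.parents:
        raise ValueError(f"{entry_path!r} escapes the password store")

    while True:
        gpg_id_file = current / ".gpg-id"
        if gpg_id_file.is_file():
            ids = [line.strip() for line in gpg_id_file.read_text().splitlines()]
            ids = [key_id for key_id in ids if key_id]
            if not ids:
                raise ValueError(f"{gpg_id_file} is empty; run 'pass init' first")
            return ids
        if current == root:
            raise ValueError("no .gpg-id found; run 'pass init' first")
        current = current.parent


def build_demo_store():
    """Constructed sample store: the root is shared by two people, and a 'work'
    sub-folder has its own recipient list, as 'pass init -p work <id>' creates."""
    root = Path(tempfile.mkdtemp(prefix="pass-demo-"))
    (root / ".gpg-id").write_text("alice@example.org\nbob@example.org\n")
    (root / "work").mkdir()
    (root / "work" / ".gpg-id").write_text("TEAM-KEY-ID-PLACEHOLDER\n")
    (root / "work" / "ops").mkdir()
    return root


def demo():
    """Resolve recipients for a few constructed entries and return the results."""
    root = build_demo_store()
    results = {
        # Entry under the root: both people at the root .gpg-id.
        "root_entry": resolve_recipients(root, "personal/email.gpg", env={}),
        # Entry two levels inside 'work': the nearest .gpg-id (work/) wins.
        "work_entry": resolve_recipients(root, "work/ops/router.gpg", env={}),
        # PASSWORD_STORE_KEY overrides every .gpg-id file.
        "override": resolve_recipients(
            root, "work/ops/router.gpg", env={"PASSWORD_STORE_KEY": "carol@example.org"}
        ),
    }
    try:
        resolve_recipients(root, "../outside.gpg", env={})
        results["escape_rejected"] = False
    except ValueError:
        results["escape_rejected"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it prints the recipient list per entry; the practical point is that an entry's recipients are decided by the closest .gpg-id above it, so adding a team member to a sub-folder's .gpg-id (and re-running pass init -p for that folder so existing files are re-encrypted) is all the sharing mechanism there is.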

I use it to share passwords with one other person via a suitably restricted git repo, works perfectly fine.

Edit: See sister comment by runejuhl.