by jkepler 2280 days ago
How would this compare with pass[1], the "standard UNIX password manager"? Is it simply that SpicyPass uses newer cryptography than pass?

Pass uses gpg along with the filesystem and git, so it is lightweight, and super-easy to back up offsite, as long as you guard your gpg keys separately. For those who want a GUI, QtPass[2] provides a simple GUI while using pass in the background.

[1] https://www.passwordstore.org/

[2] http://qtpass.org/


Yeah I don't see the advantages of this compared to `pass` as well.

The whole source code of bash pass [1] is almost as long as a single header file [2] from this C++ software. Plus pass already handles backup... Minimalist heh.

[1] https://git.zx2c4.com/password-store/tree/src/password-store...

[2] https://github.com/JFreegman/SpicyPass/blob/master/src/spicy...

The pass source code you linked to is just a wrapper for the unix toolset (and has twice the byte count, not that it matters). Pass has a completely different crypto implementation and security model than SpicyPass. The two are not synonymous, either in features or UX. I elaborated on more of the differences between the two in a different reply to a similar comment.

tl;dr different strokes for different folks. I didn't write spicypass with the intent of replacing pass.

> just a wrapper for the unix toolset

Yeah, that's the point of using Unix, and why pass is great for that.

I remember reading somewhere that Pass could be used with libsodium (or age), but I cannot find the source now, sorry.

One difference I see between this and pass is that spicypass is storing all the credentials in a single file. If you don't want to leak metadata with pass you have to add pass-tomb[1].

Anyway I just use pass (gopass actually) and I have no problems, it's a great improvement over a text editor.

[1] https://github.com/roddhjav/pass-tomb

I'm pretty satisfied with the minimalism of pass, and thought of asking this question. The documentation is also pretty good.

I personally didn't find pass to be minimal enough (not all POSIX-y systems use bash as /bin/sh, after all), which is why I switched to pash [0]. I created some shell functions to integrate it with fzf and support multiline passwords (in which the first line is the password and following lines contain metadata like usernames). The code is in my dotfiles [1].

[0]: https://github.com/dylanaraps/pash

[1]: https://git.sr.ht/~seirdy/dotfiles/tree/master/.config/shell...

pass is great. sops by Mozilla is pretty sweet too.

I find pass quite hard to follow, and it is hard to grok what it is doing and what the assumptions or consequences of using it are.

And for the life of me I cannot get it to prompt for the password in the terminal, which is infuriating.

First glance of SpicyPass looks promising in my eyes.

Hey, for me it took me a while to understand it as well, so I created a cheatsheet[1] and a tutorial[2] (shameless plug). Maybe they are helpful to you.

[1] https://woile.github.io/gopass-cheat-sheet/

[2] http://woile.github.io/posts/sharing-team-secrets/

Is there a decent pass integration with Android?

There is Password Store[0] although apparently no longer maintained (currently still using it). The downside is that there's no auto-fill etc., meaning that you have to copy and paste every login manually.

[0] https://play.google.com/store/apps/details?id=com.zeapo.pwds...

Password Store is still being developed. Master was recently updated to support Android's Autofill.

That's great to hear! I've been a long time user and never had a single issue with it. Autofill would be great!

Do you know why the Play Store description says that it is no longer maintained? Is the app being published somewhere else?

I don't see that anywhere in the description? Last update shows March 20th. Listing I'm looking at is https://play.google.com/store/apps/details?id=dev.msfjarvis....

Huh, it appears that the app in the link I shared above is the legacy version and this should be the new one (guessing from the age of each app).

Thanks for the info