[echo42null]

Best practice question for syncing pass across devices: Since exporting and re-importing the private key to a phone seems risky, is the recommended approach to generate a separate GPG key pair on the mobile device and re-encrypt secrets to it?

[TiddoLangerak]

I have a different pubkey per device. I store all the pubkeys in the pass repo, and have a shell script to re-encrypt everything with those keys. So when I add a new device, I just need to add its pubkey, and then re-encrypt on an existing device.

[wkat4242]

I use yubikey over nfc with my phone. This way the private key material never reaches the phone.

Using the openkeychain app and password store.

I have multiple yubikeys as target for each password of course.