Hacker News
by troyjfarrell 4031 days ago
Version control is really cool for this sort of information. Unfortunately, pass leaks information in filenames, which is a pretty big problem for some uses. In my opinion, the version control needs to be built into the application to avoid all the potential side channel information leaks.
1 comment

I think it's important to point out that whether something like this matters depends entirely on your security model. For example, an attacker learning that I have a Gmail account isn't very useful information, so I don't consider it confidential. This is a property of most of my credentials.

The way pass is built on top of gpg encrypted files in git is at the core of its robustness and simplicity. Creating an encrypted, version controlled store from scratch would be a not insignificant engineering effort, though something similar could be accomplished, for example, by putting the password store inside encfs.

If the mere existence of a credential is considered confidential information, a simple measure to bypass this flaw is to give it a meaningless randomly generated name such as "faithful_iceberg".
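
The filename exposure and the random-name workaround discussed in this thread, as an added example that is not from either commenter and not part of pass. It assumes the usual pass layout (one `<entry>.gpg` file per credential under the store directory); the function names, word lists and sample store are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of pass. Assumes the usual pass layout:
# one <entry>.gpg file per credential under the store directory.

# Constructed word lists; 8 words each, so "mod 8" below is unbiased.
ADJECTIVES="faithful quiet amber brisk hollow mellow rustic vivid"
NOUNS="iceberg lantern meadow harbor pebble thicket compass orchard"

# List every entry name readable from the store without any GPG key.
# This is what anyone with a copy of the directory or git repo learns.
leaked_names() {
    (cd "$1" && find . -path ./.git -prune -o -type f -name '*.gpg' -print |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort)
}

# Pick one word from a space-separated list using the kernel CSPRNG.
pick_word() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    set -- $1
    shift $(( $n % $# ))
    printf '%s' "$1"
}

# Meaningless entry name in the style of "faithful_iceberg".
random_alias() {
    printf '%s_%s\n' "$(pick_word "$ADJECTIVES")" "$(pick_word "$NOUNS")"
}

# Build a constructed sample store: empty files stand in for ciphertext.
make_sample_store() {
    dir=$(mktemp -d)
    mkdir -p "$dir/Email" "$dir/Bank" "$dir/.git"
    : > "$dir/Email/gmail.com.gpg"
    : > "$dir/Bank/examplebank.gpg"
    : > "$dir/$(random_alias).gpg"
    printf '%s\n' "$dir"
}

store=$(make_sample_store)
echo "Names visible without decrypting anything:"
leaked_names "$store"
rm -rf "$store"
```

The two descriptive names reveal which services are in use, while the aliased entry reveals only that one more credential exists. The 64 possible names here are enough for a demonstration; a real store would draw from a much larger word list to avoid collisions.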