If you want a password management system that is plain-text based, let me introduce to you my setup which utilizes GPG encrypted files to do that.
It uses GPG to encrypt markdown files containing my login credentials, and Syncthing to synchronize them to my Android phone to realize cross-device availability.
- On my computer, I use
gpgto encrypt the markdown files
- jamessan/vim-gnupg Vim plugin to easily decrypt and edit the files
Gitto version control the folder so I have full history of my login credentials
- To access them from my phone, I use
I could just Syncthing the markdown files without encryption to my phone, but on the off chance that my phone is stolen / lost / hacked, I don’t want my passwords to go down with it, so it is safer to have it gpg encrypted.
I’m aware of pass and tried it before I came to this setup, but I want to put more info than just a password string in my files, so that’s why
As many have pointed out in this HackerNews thread, pass allows multi-line edit, so this paragraph is incorrect.
pass doesn’t fit my need.
How to replicate this setup
1. Generate a PGP keypair with GPG
you can skip this if you already have a keypair.
2. Install the Vim plugin and put in corresponding config
Assuming you’re using VimPlug ( a vim plugin manager ),
put this into your ~/.vimrc and run
:PlugInstall in Vim.
Plug 'jamessan/vim-gnupg' " Armor files let g:GPGPreferArmor=1 " Set the default option let g:GPGDefaultRecipients=["email@example.com"]"
NOTE: remember to modify the
firstname.lastname@example.org to the email associated with your PGP key
3. Create a markdown file
4. Encrypt the markdown file
gpg -e -r email@example.com path/to/file
if you use Ranger, you can put this mapping into your rc.conf to encrypt it easily by pressing
te when the selection is hovering on the file:
map te shell gpg --recipient firstname.lastname@example.org --armor --output %f.asc --encrypt %f && rm %f
Open the file with Vim to make sure it can auto decrypt and open up the file.
$ vim /path/to/file
5. Setup Syncthing
Install Syncthing on Linux and Android, then set it up to sync your password folder to your phone.
6. Setup OpenKeychain
Install OpenKeychain Android app on your phone
- export your PGP private key from Linux
$ gpg --export-secret-keys --armor email@example.com > privkey.asc
- Transfer the file to your Android phone (for example through wire)
- Import the key file into
7. Try decrypting your files on Android
To decrypt and view your password file:
- Open the
Press the hamburger menu icon on the top left
Select input fileand browse to the encrypted password file
- Enter your PGP key passphrase