If you want a password management system that is plain-text based, let me introduce to you my setup which utilizes GPG encrypted files to do that.

It uses GPG to encrypt markdown files containing my login credentials, and Syncthing to synchronize them to my Android phone to realize cross-device availability.

Tools involved

  • On my computer, I use
    • gpg to encrypt the markdown files
    • jamessan/vim-gnupg Vim plugin to easily decrypt and edit the files
    • Git to version control the folder so I have full history of my login credentials
  • To access them from my phone, I use
    • Syncthing to synchronize the folder to my phone
    • OpenKeychain app to decrypt and read the encrypted files

I could just Syncthing the markdown files without encryption to my phone, but on the off chance that my phone is stolen / lost / hacked, I don’t want my passwords to go down with it, so it is safer to have it gpg encrypted.

I’m aware of pass and tried it before I came to this setup, but I want to put more info than just a password string in my files, so that’s why pass doesn’t fit my need. As many have pointed out in this HackerNews thread, pass allows multi-line edit, so this paragraph is incorrect.

How to replicate this setup

1. Generate a PGP keypair with GPG

you can skip this if you already have a keypair.

$ gpg --full-gen-key

2. Install the Vim plugin and put in corresponding config

Assuming you’re using VimPlug ( a vim plugin manager ), put this into your ~/.vimrc and run :PlugInstall in Vim.

Plug 'jamessan/vim-gnupg'
" Armor files
let g:GPGPreferArmor=1
" Set the default option
let g:GPGDefaultRecipients=["youremail@provider.com"]"

NOTE: remember to modify the youremail@provider.com to the email associated with your PGP key

3. Create a markdown file

$ touch mygmail.md

4. Encrypt the markdown file

$ gpg -e -r youremail@provider.com path/to/file

if you use Ranger, you can put this mapping into your rc.conf to encrypt it easily by pressing te when the selection is hovering on the file:

map te shell gpg --recipient youremail@provider.com --armor --output %f.asc --encrypt %f && rm %f

Open the file with Vim to make sure it can auto decrypt and open up the file.

$ vim /path/to/file

5. Setup Syncthing

Install Syncthing on Linux and Android, then set it up to sync your password folder to your phone.

6. Setup OpenKeychain

  1. Install OpenKeychain Android app on your phone

  2. export your PGP private key from Linux
      $ gpg --export-secret-keys --armor youremail@provider.com > privkey.asc
  3. Transfer the file to your Android phone (for example through wire)
  4. Import the key file into OpenKeychain app

7. Try decrypting your files on Android

To decrypt and view your password file:

  1. Open the OpenKeychain app
  2. Press the hamburger menu icon on the top left

  3. Press Encrypt/Decrypt

  1. Press Select input file and browse to the encrypted password file
  2. Enter your PGP key passphrase

8. Done