There has to be, the PasswordStore app for Android can keep the GPG files in a storage location where other apps can read & write them. All you need is something to handle the synchronization.
I’m a control freak and prefer to do things like that manually, so I just use the built-in git & SSH based method it provides.
That entry names are stored in plain text doesn’t bother me; if somebody has broken into my system so well that they’ve copied my password store then the last of my concerns will be if they can easily find out if I have a password stored for example.org or example.net. At that point it doesn’t matter if they can tell that I have a Jellyfin password stored, because that service is running on my server with clients installed on my phone & tablet.
And I handle key storage with a pair of Yubikeys which hold a copy of my private key. It can’t be extracted (only overwritten). There is a physical copy kept on offline, disconnected storage, which could be an attack vector – but if we’re at the point of somebody breaking into my house to target my password management then all bets are off: you don’t need to break my kneecaps with a hammer for me to tell you everything, I prefer to keep my knees undamaged.
For attachments I just add another entry; /services/example.org-otherThing - there’s nothing stopping you from encrypting binary data like an image.
And when it comes to convenience: I have a set of bash scripts that use Wofi to popup a list of options and automatically fill in data. Open example.org click the login field, hit meta-l, type example.org, hit enter and wait a moment: it’ll copy and paste the username, hit tab for me, then copy/paste the password, then copy a bunch of random data into the clipboard buffer like 10 times before copying an empty string another hundred times to flush said buffer. meta-f for username only, meta-g for password only; it’s honestly way more convenient for me than the 1Password setup I use at work.
I understand the point the video is making, but I think it’s irrelevant if you keep the private key on something like a Yubikey.
I use passwordstore.org which is basically a bash script that wraps GPG; but there is an Android client as well.
Everything is stored in encrypted files tracked by git. Files are synchronized by git/SSH to a server I run.
Absolutely. People really sleep on just how much traffic a simple low end server running a PHP framework can handle. I’ve ran systems with a million users (combined across multiple domains and clients but still) and it was just fine with a single database server and a few web servers. They would have needed to hit the tens of millions of users before serious refactoring or rewriting would have ever been necessary to consider.
I’m sure ‘serverless’ has a good time and place to be used, but in my experience it has just always been the worse choice.
“But we need to be able to scale!”
Sure, but we’re not in a place where we’re getting anywhere near early mySpace / Facebook / Google style growth. Just get a regular ass cheap VPS and stick your service on it; if you need to expand upgrade the VPS. If it’s starts getting serious then let’s look at compartmentalizing and distributing it if we need to.
Omg thank you! I was just starting to look for alternatives
Unfortunately OpenKeyChain is now no longer being developed. It still works… for now.
Am I mistaken, but isn’t Nix a package manager, where Docker is a container system? They’re related, but really not comparable.