metadata leak

[sakoula]

Hello there!
I am playing around with gopass as my main password solution/workflow and I really like it since I can use the shell for all my password needs! I am using macos.

I setup the gopass-jsonapi and the gopassbridge for loging automatically into websites. Also I have setup a remote git repository (in github) to checkout how it work.

I have a question and would like to see how other people are handling this. As you know in order to be able to use the browser plugin you need to use metadata (url and user_identifier in case of multiple users) in the directory structure. This is always unencrypted and stored in a private repository somewhere (e.g. github). I know that this is the design of pass and if people want to encrypt those metadata they use solutions like encrypted folders (such as tomb).

I would like to check how you are handling your password workflow. I do not want to use solutions like vaultwarden/bitwarden which rely only on a server based solution.

Thanks a lot!!!!

[AnomalRoil]

On my side I'm using my own git server, using Gitea to avoid leaking my data outside of my own devices and I'm relying on the dmenu/rofi script rather than on the gopassbrigde extension.

But yeah, being able to hide these metadata has been on our todo for a while already.