cross-posted from: https://lemmy.cat/post/6027277
I’m curious to know how people manage their different encrypted storage here. And I’m talking about the case where you really need to manage SEVERAL encrypted storages/files.
What software do you use? Where do you save your passwords (password manager/paper/other) or do you use physical keys?
In short, what’s the best combination you’ve found or recommend to cover as many attack surfaces as possible: remote, local, physical, etc.?
gocryptfs, because encrypted shares are accessible cross-platform(ish), and I have high confidence of having either a working static binary, or the ability to compile one, several years in the future.
Passwords are all in a
pass
store, and also in a keepass db. I’m probably going to do away withpass
and go back to some secret-tool backed be keepassxc, though, as I haven’t been very happy with pass (I use gopass, but same db format). I depend far more on keepass, and keeping the dbs in sync is a minor PITA, as well.In any case, I have a bespoke bash script that mounts/unmounts shares on demand via a rofi dialog.
pgp-agent
does the password prompting as necessary, whichpass
uses to decrypt the passwords.Everything - including the encrypted shares - is backed up by restic to encrypted backups - one each in B2, one each on local portable USB HDs.