Last year I wrote a command line password manager, after deciding I didn't like pass any more, and didn't like anything else I found, either. It's called sopass. I've switched over to sopass entirely. I'm happy with it, for my simple needs.
I've been thinking a lot about cross-device and group use. pass supports storing the encrypted secrets in Git and syncing them across computers, even between people. This usually works quite well, because each secret is in a separate file. Thus merge conflicts are unusual, unless the same secret is updated at the same time on two different hosts. That doesn't work with sopass, which puts all secrets in one file. That was one of the reasons I wrote the software.
If I were to support cross-device syncing in sopass, I'd want to do better than pass. I would want to entirely avoid merge conflicts.
The idea for implementing this that I have is to use a CRDT, a conflict-free replicated data type. Basically, a sopass database would be a Git repository and each atomic change would be a separate commit: set key to value, rename key, remove key. The CRDT would merge the changes in a way that guarantees there is never a conflict. This might require arbitrarily, but deterministically, choosing one change from a small set of changes that can't be ordered otherwise. That might result in occasional surprised users (what joy!), but no data is lost: it's still there in Git history. The UI could expose this in some way.
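A sketch of the merge described above, added here as an illustration and not taken from sopass. It assumes each commit carries one operation stamped with a Lamport counter and a device name (both hypothetical fields), merges by set union, and breaks ties by device name; only same-counter collisions are reported, and values are shown in plaintext where the real store would hold ciphertext.

```python
from typing import NamedTuple, Optional

class Op(NamedTuple):
    clock: int                  # Lamport counter (assumed): 1 + highest clock the replica has seen
    replica: str                # device name (assumed); arbitrary but deterministic tie-breaker
    kind: str                   # "set", "rename" or "remove"
    key: str
    arg: Optional[str] = None   # value for "set", new key for "rename"

def merge(a, b):
    """Syncing is set union of the two logs, so it can never conflict."""
    return frozenset(a) | frozenset(b)

def replay(ops):
    """Apply ops in (clock, replica) order; return (secrets, surprises)."""
    secrets, writer, surprises = {}, {}, []
    for op in sorted(ops, key=lambda o: (o.clock, o.replica)):
        if op.kind == "set":
            prev = writer.get(op.key)
            if prev is not None and prev.clock == op.clock:
                surprises.append(prev)   # concurrent write that lost the tie-break
            secrets[op.key], writer[op.key] = op.arg, op
        elif op.key not in secrets:
            surprises.append(op)         # rename/remove of a key that is already gone
        elif op.kind == "rename":
            writer.pop(op.key)
            secrets[op.arg], writer[op.arg] = secrets.pop(op.key), op
        else:                            # "remove"
            del secrets[op.key], writer[op.key]
    return secrets, surprises

# Constructed sample: two devices diverge from a shared history.
BASE = {Op(1, "laptop", "set", "mail", "m0"), Op(2, "laptop", "set", "wifi", "w0")}
LAPTOP = BASE | {Op(3, "laptop", "set", "mail", "m-laptop"),
                 Op(4, "laptop", "remove", "wifi")}
PHONE = BASE | {Op(3, "phone", "set", "mail", "m-phone"),
                Op(4, "phone", "rename", "wifi", "home-wifi")}

if __name__ == "__main__":
    secrets, surprises = replay(merge(LAPTOP, PHONE))
    print(secrets)
    for op in surprises:
        print("had no lasting effect:", op)
```

Every replica that holds the same set of operations computes the same secrets, whatever order the syncs happened in; the surprises list is what a UI could show the user, with the operations themselves still in the log.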
This would actually be an interesting technical challenge to implement, but given that I have a wealth of such challenges, a drought of free time, and no current need for this, I'm going to pass on this. But I thought I'd write up the thought in case it inspires someone else.