cross-posted from: https://lemmy.cat/post/6027277
I’m curious to know how people manage their different encrypted storage here. And I’m talking about the case where you really need to manage SEVERAL encrypted storages/files.
What software do you use? Where do you save your passwords (password manager/paper/other) or do you use physical keys?
In short, what’s the best combination you’ve found or recommend to cover as many attack surfaces as possible: remote, local, physical, etc.?
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
gocryptfs, because encrypted shares are accessible cross-platform(ish), and I have high confidence of having either a working static binary, or the ability to compile one, several years in the future.
Passwords are all in a
pass
store, and also in a keepass db. I’m probably going to do away withpass
and go back to some secret-tool backed be keepassxc, though, as I haven’t been very happy with pass (I use gopass, but same db format). I depend far more on keepass, and keeping the dbs in sync is a minor PITA, as well.In any case, I have a bespoke bash script that mounts/unmounts shares on demand via a rofi dialog.
pgp-agent
does the password prompting as necessary, whichpass
uses to decrypt the passwords.Everything - including the encrypted shares - is backed up by restic to encrypted backups - one each in B2, one each on local portable USB HDs.