Anyone know of a gpg-encrypted secrets sharing software that allows a client to hold different "bases/repositories" of secrets?

Christian Chavez x10an14 at
Sat Jun 12 16:13:13 CEST 2021

Hi Klaus,

On Sat, Jun 12, 2021 at 2:44 PM Klaus Ethgen <klaus+gnupg at> wrote:

> You can combine multiple pass repositories into one using, for example,
> git submodules. I used that over many years. Having a cron job that
> committed all submodules changes in the top pass git automatically.

Thank you so much for your suggestion! I will see if I can automate this
somehow without putting my private key (currently on a YubiKey) on the machine
(If you - or anyone else - have got any tips/suggestions, I'm all ears)!

> In pass, you can have different keys for each subtree. See the man page
> for `pass init --path=sub-folder`.

This is indeed what "solves" my problem, but I fail to understand how I can
utilize this.
Maybe I'm interpreting the keyword "init" wrongly, but I was hoping to
avoid "hand-crafted" aliases/the like to reference different
subdirectories/trees of passwords.

My `man pass init` says the following:
>        init [ --path=sub-folder, -p sub-folder ] gpg-id...
>             Initialize new password storage and use gpg-id for
>             encryption. Multiple gpg-ids may be specified, in order to
>             encrypt each password with multiple ids. This command must be
>             run first before a password store can be used. If the
>             specified gpg-id is different from the key used in any
>             existing files, these files will be reencrypted to use the
>             new id. (...) If --path or -p is specified, along with an
>             argument, a specific gpg-id or set of gpg-ids is assigned for
>             that specific sub folder of the password store. (...)

My workflow so far has been:
1. `pass init <my public gpg key>`
2. Add secrets I want to unlock with pass with this specific key.
3. Use `pass git` to sync between clients.

So, in an attempt to clarify my confusion (never mind the oxymoron that
Are you supposed to `pass init --path <subfolder within
$PASSWORD_STORE_DIR> <gpg key(s)>` within an already established
Is this the missing link in my understanding?

Something like this?
tree .password-store/
├── accountX
├── accountY
├── accountZ
├── work-teamA
│   └──
└── work-teamB

Med vennlig hilsen/Kind regards,
Christian Chavez
Phone/Tlf: +47 922 22 603
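
The per-folder keys that `pass init --path=sub-folder` assigns are stored in a `.gpg-id` file inside that folder, and pass encrypts each entry to the nearest `.gpg-id` found when walking up from the entry toward the store root. As an added example (not part of the original message, and not pass's own code), this shell script reproduces that lookup on a constructed store shaped like the tree above; the key ids and the entry names under the team folders are placeholders.

```shell
#!/usr/bin/env bash
# Added example: emulates how pass picks recipients for an entry by walking up
# from the entry's folder to the nearest .gpg-id file. No gpg or pass required.

# recipients_for STORE ENTRY -> prints the gpg-ids (one per line) used for ENTRY
recipients_for() {
    local store="${1%/}" current
    current="$store/$(dirname "$2")"
    current="${current%/.}"            # entry sits directly in the store root
    # Climb until a folder with its own .gpg-id, or the store root, is reached.
    while [ "$current" != "$store" ] && [ ! -f "$current/.gpg-id" ]; do
        current="${current%/*}"
    done
    [ -f "$current/.gpg-id" ] || { echo "no .gpg-id above $2" >&2; return 1; }
    cat "$current/.gpg-id"
}

# build_demo_store DIR: constructed layout mirroring the tree in the message.
# Key ids are placeholders; writing .gpg-id by hand stands in for
#   pass init PERSONAL-KEY
#   pass init --path=work-teamA TEAMA-KEY1 TEAMA-KEY2
#   pass init --path=work-teamB TEAMB-KEY
build_demo_store() {
    mkdir -p "$1/work-teamA/db" "$1/work-teamB"
    printf '%s\n' PERSONAL-KEY > "$1/.gpg-id"
    printf '%s\n' TEAMA-KEY1 TEAMA-KEY2 > "$1/work-teamA/.gpg-id"
    printf '%s\n' TEAMB-KEY > "$1/work-teamB/.gpg-id"
}

# demo: show which recipients each sample entry would be encrypted to.
demo() {
    local store entry
    store="$(mktemp -d)"
    build_demo_store "$store"
    for entry in accountX work-teamA/db/admin work-teamB/vpn; do
        printf '%s -> %s\n' "$entry" \
            "$(recipients_for "$store" "$entry" | tr '\n' ' ')"
    done
    rm -rf "$store"
}
demo
```

Entries in the store root resolve to the personal key only, while anything below a team folder resolves to that folder's key set, so one store and one `pass git` remote can carry secrets that different groups of people can decrypt.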