OkcAgent VS kbs2

It's a bit complicated, but you can use GPG for this! You can follow this guide to setup GPG, and follow this issue to set it up with Termux, then use OKCAgent's GPG function to en/decrypt any files. You can then use any CLI TOTP program and de/encrypt the key files with your GPG key. It's not as secure as having them on the key, as the private keys for the TOTP have to be in your phone's RAM. You can write a shell script for that and put a widget to it on your home screen.

[1]: https://github.com/DDoSolitary/OkcAgent

Simple password decrypt: okc-gpg -d ~/.password-store/mypass.gpg

I made a termux shortcut (button on homescreen) to emulate pass-dmenu via this ( store in ~/.shortcuts):

  #!/data/data/com.termux/files/usr/bin/env bash

I don't use pass myself (I have severe NIH[1]), but its design has inspired me many times over: very, very few tools rise to the challenge of adhering to the Unix philosophy without cargo-culting it, and pass is one of them. I highly recommend that people looking to write engineer-friendly tools study its manpage[2].

[1]: https://github.com/woodruffw/kbs2

[2]: https://git.zx2c4.com/password-store/about/

Two things:

* (Yet another) password and secret manager, using modern cryptographic libraries (age) and with a strong emphasis on customizability[1]. I personally use it as a general purpose secret store for everything from passwords to command snippets.

* A tool that runs commands when USB devices are inserted or removed, allowing a user to write filters against a variety of device metadata. The end goal is something similar to udev rules, but much nicer to configure and cross-platform. Still unreleased.

[1]: https://github.com/woodruffw/kbs2