gopass

Encrypted password-store CLI for managing secrets, recipients, OTP data, and git-backed shared stores.

$ brew install gopass
Language: Go
Stars: 6,737
Category: Security
Agent
AI Analysis

gopass is a command-line password and secret manager built around encrypted files, usually with GPG or age for crypto and git-backed stores for sharing. It is aimed at local or team-owned secret stores rather than a hosted vault API.

What It Enables
  • Initialize or clone encrypted password stores, organize them into mounted sub-stores, and sync shared stores through git remotes.
  • Read, insert, edit, move, grep, and pipe secrets or binary data from the shell, including script-oriented show --password, otp --password, and cat workflows.
  • Manage store recipients and OTP data so teams can share selected stores and generate TOTP codes from stored secrets.
Agent Fit
  • Commands are mostly regular subcommands with stdin/stdout behavior, and several docs explicitly call out script-oriented flags such as show --password, otp --password, and cat.
  • The main CLI does not expose --json or similar structured output, so agents have to parse plain text and secret bodies carefully.
  • Best when a skill standardizes store layout, mount names, recipient operations, and key setup; first-run bootstrap, editor flows, clipboard actions, and key prompts are still human-heavy.
Caveats
  • Useful automation still depends on local crypto setup such as GPG or age keys, and typical shared-store workflows also assume git is configured.
  • Removing a recipient does not revoke access to secrets they already had; the docs warn affected secrets should be changed after recipient removal.