pull down to refresh

I use pass. Can't get more simpler than it - it's just a wrapper around gpg and your passwords/secrets are just normal plaintext files stored in a git repo. (encrypted using gpg of course) I have my gpg private key stored (encrypted symmetrically using AES) on multiple usb sticks and also have a paper copy of it tucked in somewhere secure.