Others have said both things but there's 2 points here:
1) For non-malicious users where you want to defend against them loosing their key and old encrypted store to a 3rd party use a hardware token that you can collect on exit (like Yubikey). 2) For malicious actors you just need to change all secrets they ever had access to because they could have recorded plain text. _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
