Hello, Based on some of our [work](https://github.com/HXR/pass-mount) to solve a similar issue, I'd really look at handling this on the plugin/applications side.
If you store the keys via random uuids ``` $ pass ekey ekey ├── 296ebbf6-02b6-4c8b-8721-a8aaddc6d9b1 ├── 981e900c-c031-433d-8e43-678cf5c99fc3 ├── ef2b7e2b-df68-42a3-be58-48f5011fabad └── lookup ``` Then you can just store the mapping table in another `pass` entry ``` $ pass ekey/lookup www/example.com: 296ebbf6-02b6-4c8b-8721-a8aaddc6d9b1 www/router.local: 981e900c-c031-433d-8e43-678cf5c99fc3 www/office.internal: ef2b7e2b-df68-42a3-be58-48f5011fabad ``` Another, option would be to use pass-tomb or pass-mount to mount another password store, perhaps as an overlay. Finally, while maybe it isn't what you need, we have been trying to figure out how build an extension to backup and synchronize `~/.password-store` data across multiple machines without uploading the keys to REDACTED. The plan at the moment is to use `pass-mount` to mount a LUKS encrypted USB drive. This provides a file-based git remote for the password store to push to. ``` $ pass mount storage/2375db47-9f60-4c3b-a2bc-be0dc06a62ce $ pass git remote get-url origin /media/user/ENCRYPTED/.sync/password-store.git $ pass git pull $ pass git push $ pass umount storage/2375db47-9f60-4c3b-a2bc-be0dc06a62ce ``` FWIW, `pass-mount` also supports `cryfs` if you want to upload an encrypted version of `.password-store.git` to REDACTED.
