Git-Credential-Pass
Pass integration for Git, but git-credential-store and libsecret do this.

Pass integration for Git, but git-credential-store and libsecret do this.
Tidy, privacy-first vault that keeps everything on-device and uses Argon2id + AES-256 with per-field encryption — not just marketing buzz: the copy lists concrete choices like 64 MB memory hardness and biometric key storage in the secure enclave. Features such as camera card scanning, per-vault isolation, and on-demand file decryption are useful for single-device users, but the offline-only stance also limits appeal compared with cross-device managers like 1Password or Bitwarden.
Secure Enclave secret broker for agents, but installation is still coming soon.
Secure Enclave-bound AWS credentials could replace access keys if it works.
Touch ID for SSH using Secure Enclave—keys can't be stolen even if disk is compromised.
Secure Enclave vault exec beats .env files for AI agent secret injection.