hmm... if my threat model for my password manager is just that I want encryption at rest, I wonder if `.ods` file with librecalc in a luks-encrypted file satisfies that

like is librecalc sticking my data somewhere else on disk is the real question there I think

this question brought to you by keepassxc is masked in gentoo now (for good reasons...) and I'm puzzling out what I'm migrating to

@artemis why did they mask it?

@artemis yes; it has automatic recovery from crashes

@whitequark @artemis for being stuck on qt5 and accepting AI-generated code:

# Andreas Sturmlechner <asturm@gentoo.org> (2026-04-12)
# Perpetually stuck on Qt5 despite recent releases made under the influence of AI.
# A Qt6-based snapshot is provided for testing without keywords, currently as
# app-admin/keepassxc-2.8.0_pre260316-r1, but it is unclear when keywords will
# be restored let alone stabilised.
# Alternatives are app-admin/keepass, app-admin/pass which can import kbdx
# files, app-admin/vaultwarden, app-admin/bitwarden-desktop-bin and probably
# many more.  AppImage or Flatpak versions also available as last resort.
# Bugs #949231, #967905.
# Removal on 2026-05-11.

@noisytoot @artemis blech. I didn't know about the Qt5 bit. maybe I should fork it before the AI stuff & port it to Qt6... shouldn't be too hard (I depend on the browser integration & any solution that doesn't keep it is not viable for me)

one notable downside of the luks thing is I think it won't work for Windows. but I also don't really need my whole password db on windows, i'm sure I can find a way to smuggle specific passwords over to it

I was also thinking I could write my own manager with https://lib.rs/crates/age which does the chacha slide for encryption its just I would have to actually do the UI work for it is all

one hash this time. right key let's salt. left key let's salt.

though I'm not sure it's the right tool for what I want either.

My somewhat complicated but maybe closest to what I want idea is to write a sqlite VFS to sit between sqlite and the filesystem that puts all its data through a block cipher at the VFS layer. and then the password database is actually just a sqlite database with minimal funny business. and at that point the minimal UI is just "sqlite repl" which is pretty achievable

@artemis isn’t this just the SQLite encryption extension

@kouhai oh is that a thing

@artemis closed source but you can use sqlcipher https://github.com/sqlcipher/sqlcipher