It is a file-based key-value store, where only the values are encrypted[1], with GPG to make it worse. For these reasons, I moved to KeePassXC. It is cross-platform, has a nice Qt GUI and you don't have to resort to hacks to have several values associated with a single key (i.e. not just password, but also username and others).
> resort to hacks to have several values associated with a single key (i.e. not just password, but also username and others).
What hacks? Just add the username/whatever under the password.
Pass only uses the first line in the file as the password when you do `pass -c` to copy to clipboard. So you could write a whole book in there if you want.
Pass for iOS also displays those values in a nice list with titles if you write the extra fields as "key: value"
Unless you need multiple concurrent writers or some kind of RBAC it's going to be really hard for anything to beat the KP database just because it already takes into things like that into account, along with optional entry history, arbitrary associated values, etc.
Been using it both with computers/phones and via programmatic access on cloud storage for years.
Because you still need to manage your GPG keys with an obscure CLI. When I last switched computers, I tried just copying my "~/.gpg" directory. Didn't work. GPG was confused, produced even more confusing messages, which didn't really help me understand what the problem was. I needed to google for the right incantation of commands to export my keys from one computer and import them on another. Compare that to what you have with KeePassXC: switching computers? Just copy this single file and everything will just work.
And I don't want to know if I'm holding GPG right. I just want the tool to work for my specific case. But GPG wasn't designed specifically with this case in mind, so, as usual, it will be terrible. It tries to be too many things.
[1]: Keys and Git history are not encrypted.