This is going to sound sketchy because any software project involving cryptography is automatically sketchy unless it has hit some nebulous and ill-defined 'accepted' status, but I've been working on a CLI tool to manage my passwords for a while that I'm honestly not ready to share, but the architecture so far is very simple:
Each 'service block' is an encrypted file consisting of service name, service password (autogenerated), kv-store, some metadata for regenerating new passwords.
The key to each service block is the hash of a primary password.
The name of the 'service block' file is the hash of the service name.
All of the service blocks are stored together in a folder that can be rsynced wherever.
My worry is obviously in the crypto. While I'm not doing anything too fancy I worry about timing attacks because an attacker will have the full encrypted block so the system is vulnerable to that sort of thing.
There are many other options for password management that are very similar.
Writing them down in a notebook next to your computer. A homebrew system like e-mailing GPG-encrypted files to yourself. Your browser's built in password saving and sync features. A password-protected Excel spreadsheet on your dropbox.
Compared to a notebook, I can access my passwords from my phone if the need arises, and they're encrypted and backed up should I lose my phone.
Compared to a homebrew system, someone else has done the work and made a cross-platform system with nice browser extensions, sensible defaults, and so on.
Compared to my browser's sync features, there's peace of mind because it's not a free feature from a corporation famous for nonexistent customer service and sketchy tracking practices.
Compared to dropbox, the price is trivial (as they only have to store a few kilobytes of data) and it's focused on security.
