
Hi, security newbie here. I have a private Bitbucket repo for storing my pass data. One problem is that pass often leaks some metadata like headers of directories. From a security standpoint, does this mean it is more private to host the git repo on Keybase versus Bitbucket?


That depends - is that data encrypted on your system? Since git is decentralized, there's a chance that any plain-text copy (such as a clone on your system) could be compromised. Keybase even addresses this in the FAQ, to an extent:

> What if my computer is compromised?

> Your work is only as safe as your endpoints, so we can't help you there.

This applies regardless of host or protocol, BTW, and it isn't even specific to computing. (It doesn't matter how many locks you have on your front door if you leave the back door propped open.)


Hi, pass uses GPG encryption on the text files; my only concern is the file names, which can leak meta info. For example, just searching GitHub, https://github.com/zurchpet/pass shows this person has passwords in a public repository, but encrypted. Nevertheless, I can see that the file names are credit card info and other sensitive info. It's like having a safe with a label "important stuff inside"! Does Keybase solve this problem?


Yes, the contents of the git repository holding your pass files are encrypted, meaning that the file names are not visible to anyone without the private key (you).

You may also want to look at https://github.com/roddhjav/pass-tomb


Thanks for that, I'll consider it.
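
Added example, not part of the thread above: a small Python audit of what a pass store exposes to anyone who can read the git repository without the GPG private key (entry names, ciphertext sizes, and the recipients listed in `.gpg-id`). The store contents, entry names and `alice@example.org` are constructed sample data, and the function names are this example's own.

```python
import os
import tempfile
from pathlib import Path


def visible_metadata(store):
    """Collect what is readable in a pass store without any GPG private key."""
    store = Path(store)
    entries, recipients = [], set()
    for root, dirs, files in os.walk(store):
        dirs[:] = sorted(d for d in dirs if d != ".git")  # skip git internals
        for name in sorted(files):
            path = Path(root) / name
            if name == ".gpg-id":
                # Plaintext file listing the key IDs entries are encrypted to.
                lines = path.read_text().splitlines()
                recipients.update(l.strip() for l in lines if l.strip())
            elif name.endswith(".gpg"):
                # Entry name = relative path minus ".gpg"; size is ciphertext bytes.
                rel = path.relative_to(store).as_posix()
                entries.append((rel[: -len(".gpg")], path.stat().st_size))
    return {"entries": sorted(entries), "recipients": sorted(recipients)}


def build_sample_store(root):
    """Constructed sample store: fake ciphertext bytes, made-up entry names."""
    root = Path(root)
    (root / ".gpg-id").write_text("alice@example.org\n")
    for rel, size in [("bank/credit-card", 420), ("email/work", 380)]:
        target = root / (rel + ".gpg")
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\x00" * size)  # stand-in for encrypted content
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return visible_metadata(build_sample_store(tmp))


if __name__ == "__main__":
    report = demo()
    for name, size in report["entries"]:
        print(f"entry name visible: {name} ({size} ciphertext bytes)")
    print("recipients visible:", ", ".join(report["recipients"]))
```

Pointing `visible_metadata` at your own store directory shows the list a host such as the one in the question would see in plaintext.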



