How secure is pass compared to Keepass?


Is pass a real alternative to Keepass in terms of security?

While Keepass has its own built-in encryption, pass relies on GPG to secure your passwords. GPG is obviously recognized as providing excellent security for transferring data over insecure networks, when the threat model is a MITM. But is GPG still a reliable way for securing local files on your computer? Keepass goes to some length to thwart potential attack vectors, such as making typed passwords harder to get with a keylogger and protecting its memory. Is pass with gpg agent more or less secure?

Also, if the private key which decrypts your passwords is just a file on your computer, is it really secure? I guess you can simply put a passphrase on the key, but I get the impression that it’s dangerous for someone to get your GPG key even if they don’t know the passphrase. Besides, Keepass has additional features like using a key file to unlock. Is there a security benefit to Keepass’s approach over pass?