Storing pass secrets in password store and git

[timlag1305]

I see that there is some secret information stored as json files. I have several questions:

1. Should this be stored in the password store directory? Some of the extensions/apps that interface with password store think they are passwords which I think is incorrect. If they aren't passwords then maybe they should be stored elsewhere.
2. If they should be stored in the password store, should they be tracked in git? Currently I am not tracking them.

[nullobsi]

i have a .gitignore that ignores the secretservice directory. They could technically be git synched across devices but secrets are mainly per device and that would probably cause plenty of merge conflicts.

You're right; they are not stored encrypted because they're just basic metadata that needs to be accessed before the files can be unencrypted. Perhaps they should be moved to a hidden dotfile.

[Thaodan]

I noticed compared to pass itself,browser plugins or Qt pass, pass-secrets doesn't store any metadata inside the keys.
Sure doing so would require to decrypt more keys however storing metadata unencrypted leaks it and circumvents the system.