On NixOS, you may find that
pass, the standard unix password manager fails with a cryptic error when it tries to decrypt passwords:
$ pass show foo gpg: decryption failed: No secret key
The problem is actually that
pass cannot figure out how to ask you for the master password.
One workaround is to use
gpg to manually decrypt the password:
$ nix-shell -p gnupg --run 'gpg --decrypt --pinentry-mode=loopback < ~/.password-store/foo.gpg'
But this sucks. A better solution is to install
pinentry-curses (put it in your
systemPackages in your NixOS configuration), and then modify
$HOME/.gnupg/gpg-agent.conf to contain the following:
You may need to reload the running
gpg-agent to make it pick up the change:
$ gpgconf --reload gpg-agent