If not GPG, then what?

Sometimes you need to keep secrets. Maybe you are involved in organized crime or a revolutionary organization. Maybe you need safe-keeping for your build system credentials.

In my very limited experience, gpg is painful to use.

I've tried to use Hashicorp Vault, but I'm not sure I've understood its documentation. I think it recommends storing secrets in a vault on a dedicated secret server, and connecting to that server via a well-known URL when you need authentication tokens. And if/when that server needs to restart? Require three separate humans to manually, interactively, apply their keys to unlock the vault and get things running again.

😳

What are the alternatives?

Darned if I know. But I just tripped across this post by Latacora and am grateful to its author(s). The recommendations seem to be: