There has to be, the PasswordStore app for Android can keep the GPG files in a storage location where other apps can read & write them. All you need is something to handle the synchronization.

I’m a control freak and prefer to do things like that manually, so I just use the built-in git & SSH based method it provides.

That entry names are stored in plain text doesn’t bother me; if somebody has broken into my system so well that they’ve copied my password store then the last of my concerns will be if they can easily find out if I have a password stored for example.org or example.net. At that point it doesn’t matter if they can tell that I have a Jellyfin password stored, because that service is running on my server with clients installed on my phone & tablet.

And I handle key storage with a pair of Yubikeys which hold a copy of my private key. It can’t be extracted (only overwritten). There is a physical copy kept on offline, disconnected storage, which could be an attack vector – but if we’re at the point of somebody breaking into my house to target my password management then all bets are off: you don’t need to break my kneecaps with a hammer for me to tell you everything, I prefer to keep my knees undamaged.

For attachments I just add another entry; /services/example.org-otherThing - there’s nothing stopping you from encrypting binary data like an image.

And when it comes to convenience: I have a set of bash scripts that use Wofi to popup a list of options and automatically fill in data. Open example.org click the login field, hit meta-l, type example.org, hit enter and wait a moment: it’ll copy and paste the username, hit tab for me, then copy/paste the password, then copy a bunch of random data into the clipboard buffer like 10 times before copying an empty string another hundred times to flush said buffer. meta-f for username only, meta-g for password only; it’s honestly way more convenient for me than the 1Password setup I use at work.

I understand the point the video is making, but I think it’s irrelevant if you keep the private key on something like a Yubikey.

I use passwordstore.org which is basically a bash script that wraps GPG; but there is an Android client as well.

Everything is stored in encrypted files tracked by git. Files are synchronized by git/SSH to a server I run.