document using pass on linux

- pass is superior to file for most Linux users
- general tweaks and improvements to docs

Fixes: #369

docs/FAQ.md

@@ -22,6 +22,7 @@
  * [How do I delete all secrets from the macOS Keychain?](#how-do-i-delete-all-secrets-from-the-macos-keychain)
  * [Which SecureStore should I use?](#which-securestore-should-i-use)
  * [Does aws-sso support using AWS FIPS endpoints?](#does-aws-sso-support-using-aws-fips-endpoints)
+ * [How can I stop typing my password all the time?](#how-can-i-stop-typing-my-password-all-the-time)
 
 ##### Errors and their meaning
 
@@ -330,3 +331,16 @@ config.md#SSOCOnfig) blocks) then a few comments:
     or `--sso` flag because of a [limitation with how shell completion works](
     https://github.com/synfinatic/aws-sso-cli/issues/382).  Instead you must
     first `export AWS_SSO=<name>` and then run the command.
+
+### How can I stop typing my password all the time?
+
+Choosing a [SecureStore](config.md#securestore-jsonstore) is important from
+a usability & security perspective.  The default options for MacOS and Windows
+should generally be the best, but Linux users default to `file` for compatibility
+sake.
+
+Unfortunately, the `file` option requires you to enter your password pretty much
+every time you use `aws-sso`.  For that reason, I recommend using the [pass](
+https://www.passwordstore.org) option which uses GPG and optionally the `gpg-agent`
+for caching of your GPG passphrase.  Please note that configuring pass, GPG
+and the gpg-agent are outside of the scope of this documentation.

docs/aws-vault.md

@@ -5,7 +5,7 @@
  * [Feature Comparison](#feature-comparison)
 
 Note: I believe this page to be accurate as of `aws-vault` v6.3.1 and
-`aws-sso` v1.7.1. If you believe anything on this page is in error, please [let me know](
+`aws-sso` v1.9.0. If you believe anything on this page is in error, please [let me know](
 https://github.com/synfinatic/aws-sso-cli/issues/new?title=Documentation+error:)!
 
 I get asked a lot why you should use AWS SSO CLI over [AWS Vault](
@@ -141,8 +141,9 @@ and configured!
 | Role chaining           | Yes       | Yes       | Yes        |
 | CLI auto-complete       | Yes       | Yes       | Yes        |
 | EC2/ECS Metadata server | Yes       | No *      | No         |
-| AWS Session tags        | Yes       | No *      | Yes        |
-| AWS Transitive tags     | Yes       | No *      | Yes        |
+| AWS Session tags        | Yes       | No        | Yes        |
+| AWS Transitive tags     | Yes       | No        | Yes        |
+| Firefox Containers      | No        | Yes       | No         |
 | Exec new shell with AWS creds    | Yes  | Yes   | No     |
 | Detect $AWS\_PROFILE collision   | No   | Yes   | Yes    |
 | Add AWS creds into current shell | No   | Yes   | No     |
@@ -155,5 +156,4 @@ and configured!
 | Role ARN             | No        | Yes     | No         |
 | AccountId & RoleName | No        | Yes     | No         |
 
-
 **Note:** Items above marked with a `*` are on the `aws-sso` feature roadmap.

docs/config.md

@@ -358,7 +358,7 @@ https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.h
  * `file` - Encrypted local files (OS agnostic and default on Linux)
  * `keychain` - macOS [Keychain](https://support.apple.com/guide/mac-help/use-keychains-to-store-passwords-mchlf375f392/mac) (default on macOS)
  * `kwallet` - [KDE Wallet](https://utils.kde.org/projects/kwalletmanager/)
- * `pass` - [pass](https://www.passwordstore.org)
+ * `pass` - [pass](https://www.passwordstore.org) (uses GPG on backend)
  * `secret-service` - Freedesktop.org [Secret Service](https://specifications.freedesktop.org/secret-service/latest/re01.html)
  * `wincred` - Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) (default on Windows)
  * `json` - Cleartext JSON file (very insecure and not recommended).  Location