secm

command module
v0.0.0-...-98b0973 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 13, 2025 License: MIT Imports: 1 Imported by: 0

README

secm - Secure Secret Manager

A command-line tool for securely managing secrets with encryption and metadata support.

Features

  • Secure storage of secrets using hybrid encryption (RSA + AES)
  • YAML-based secret storage with metadata
  • Support for secret tags and categorization
  • Cross-platform support (Linux, macOS, Windows)

Installation

From Source
  1. Clone the repository:
git clone https://github.com/open-zhy/secm.git
cd secm
  1. Build for your platform:
make

Or build for a specific platform:

make build-platform PLATFORM=darwin ARCH=arm64

Build for all platforms:

make build-all

Usage

Initialize Workspace

Before using secm, initialize the workspace:

secm init

You can add --profile <profile> option (default value is default). This will allow multiple workspaces on same machine. This option is usable overall all subcommands, which will just scope the action to specified workspace.

This creates the .secm directory in your home folder and generates an RSA identity key.

Create a Secret

Create a new secret from a file with metadata:

secm create secret.txt -n "API Key" -d "Production API key" -t "api,prod" --type "api-key"

Options:

  • -n, --name: Name of the secret (required)
  • -d, --description: Description of the secret
  • -t, --type: Type of secret (e.g., api-key, certificate)
  • --tags: Comma-separated list of tags
  • -f, --format: Format of the secret (text, json, binary)
List Secrets

List all stored secrets:

secm list

Show additional information:

secm list -t    # Show tags
secm list -d    # Show descriptions
Get a Secret

Retrieve a secret by its ID:

secm get <secret-id>                    # Output to stdout
secm get <secret-id> -o output.txt      # Save to file
secm get <secret-id> -m                 # Show metadata
secm get <secret-id> -q                 # Quiet mode (only output value)

Building from Source

Requirements:

  • Go 1.21 or later
  • Make

Available make commands:

  • make: Build for current platform
  • make build-all: Build for all platforms
  • make build-platform PLATFORM=darwin ARCH=arm64: Build for specific platform
  • make clean: Clean build directory
  • make test: Run tests
  • make fmt: Format code
  • make install: Install locally

Security

  • Uses hybrid encryption (RSA, ECDH for key exchange, AES-128 for data)
  • Secure file permissions (0600 for keys, 0700 for directories)
  • Unique hash-based IDs for secrets
  • Base64 encoded encrypted data in YAML storage

Todo

  • Basics of secrets management: workspace initialization, create secret, list and unfold secret
  • Add --profile option on root level, default to ~/.secm: this should enable multiple instances or easily resurrect from an existing profile
  • Support ed25519 key and eventually more
  • Enable transfer to another identity: secm transfer <publicKey>: it will just create a copy in the workspace of the same secret, only recipient can read the secret
  • After transfer, enable p2p direct transfer (preferrable implemented as plugin, not apart of the core util)
  • Better document codes and the workflows

License

MIT License

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
crypto
errors
id
plugin
protocol
screen
secret
workspace

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.