21 releases
new 0.3.1 | Apr 20, 2025 |
---|---|
0.3.0 | Apr 20, 2025 |
0.2.12 | Apr 20, 2025 |
0.1.6 | Apr 7, 2025 |
0.1.4 | Mar 31, 2025 |
#712 in Command line utilities
637 downloads per month
85KB
1.5K
SLoC
🦀🔐 smart-locker
A ultra-lightweight CLI tool written in Rust to encrypt, store, and manage sensitive secrets locally in a secure and durable way.
🚀 Purpose
smart-locker solves a real-world problem:
In a fullstack project with CI/CD pipelines, tokens, private keys, passphrases, and API keys become critical.
Storing them in plain text is dangerous. Base64 encoding is not enough. smart-locker offers a reliable, simple, and effective solution.
🛠️ CLI Architecture
At first start with smart-locker init.
smart-locker <command> [options]
MAIN COMMANDS:
encrypt Encrypt a secret and store it
decrypt Decrypt a `.slock` file
list List encrypted secrets
remove Delete a secret
init Generate the master key (locker.key)
backup-key Backup the encryption key
restore-key Restore the encryption key from a backup
export Export secrets to a file in a specified format
renew Renew the expiration date of a secret
EXAMPLE:
smart-locker encrypt -n openai_token -v sk-abc123...
smart-locker encrypt -n my_secret -v "my value" --tags "tag1,tag2"
smart-locker decrypt -n openai_token
smart-locker backup-key
smart-locker restore-key
smart-locker export --format env --output .env
smart-locker renew -n openai_token --days 30
ADVANCED:
OPENAI_API_KEY=$(echo smart-locker decrypt -n openai_token)
echo "This is a test" | smart-locker encrypt -n my_secret
smart-locker decrypt -n my_secret --clipboard
smart-locker export --format env --output .env
🛠️ Installation
smart-locker is available for Linux and Windows. You can either build it from source (for Rust users), download a ready-to-use binary archive, or install it directly via cargo
.
✅ Recommended: Install via Cargo
If you have Rust installed, you can install smart-locker directly from crates.io:
cargo install smart-locker
✅ Precompiled Binary
Windows (Precompiled Binary)
- Download the latest release from the Releases page.
- Extract the
smartlocker_windows.zip
archive. - (Optional) Add the folder to your
PATH
environment variable for easier use. - Run
smart-locker.exe
from any terminal (PowerShell, cmd, or Windows Terminal).
Linux (Build from Source)
-
Download the latest release from the Releases page.
-
Extract the
smartlocker_linux.tar.gz
archive:tar -xzf smartlocker_linux.tar.gz
-
Move the binary into your path:
sudo mv dist/smart-locker /usr/local/bin/
-
Run:
smart-locker --version
⚙️ Build from Source (For Developers)
Linux
-
Make sure Rust is installed:
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
-
Clone the repository:
git clone https://github.com/WillIsback/smart-locker.git cd smart-locker
-
Build the project in release mode:
cargo build --release
-
Install the binary:
sudo cp target/release/smart-locker /usr/local/bin/
-
Verify:
smart-locker --version
Windows
-
Install Rust via rustup.
-
Clone the repository:
git clone https://github.com/WillIsback/smart-locker.git cd smart-locker
-
Build in release mode:
cargo build --release
-
(Optional) Add to PATH:
$Env:Path += ";$PWD\target\release"
-
Test:
.\target\release\smart-locker.exe --version
🎯 Key Features
- ✅ Symmetric encryption of secrets (via AES-GCM or similar)
- ✅ Quick decryption using a passphrase or master key
- ✅ Secure folder
~/.locker
- ✅ Encrypted files with
.slock
or.aes
extension - ✅ User-friendly CLI:
smartlocker encrypt
,decrypt
,list
, etc. - ✅ Pipe support (e.g.
cat secret.txt | smartlocker encrypt -n my_secret
) - ✅ Option: generate key from hashed passphrase (PBKDF2)
- ✅ Option: copy decrypted secret to clipboard
- ✅ Backup and restore encryption keys with
backup-key
andrestore-key
- ✅ Export secrets to a
.env
file with placeholders for secure decryption - ✅ Renew expiration dates for secrets with
renew
- ✅ Automatic expiration management for secrets
- 🔜 Option: Git pre-commit hook to prevent secret leaks
📦 Tech Stack
- 🦀 Rust (>= 1.74)
- 📦
aes-gcm
,rand
,clap
,serde
,directories
- 🔐 Secure encryption based on AES-256 GCM
🧱 Future Steps
- Add vault with auto-expiration
- Git pre-commit plugin to block secrets from being committed
📈 Why This Project?
Because managing secrets in a fullstack project means:
- Understanding security pitfalls
- Building reliable and portable tools
- Learning how to secure DevOps workflows
🧠 System Diagram
flowchart TD
A[smart-locker init] -->|Generates key 🔑| B[~/.locker/locker.key]
B --> C[smart-locker encrypt]
B --> D[smart-locker decrypt]
C -->|CLI input or STDIN| E[.slock encrypted file]
D -->|Read encrypted file| F[Decrypted secret]
🧱 New Features
Renew Expiration Dates
-
Added the
renew
command to extend the expiration date of a secret. -
Example:
smart-locker renew -n openai_token --days 30
-
This command updates the expiration metadata for the specified secret, ensuring it remains valid for the specified number of days.
Improved Expiration Management
-
Secrets can now have expiration dates set during encryption.
-
Example:
smart-locker encrypt -n my_secret -v "my value" --tags "tag1,tag2" --days 30
-
If a secret is expired, it will not be accessible until renewed using the
renew
command.
🗂️ Target Directory Structure
~/.locker/
├── locker.key # local symmetric key (or derived from a passphrase)
├── openai_token.slock
├── ssh_key_prod.slock
└── mydb_pass.slock
📝 Note: If you encounter any issues during installation, please check the Issues section or open a new ticket. 🦀🔐 smart-locker is a personal project to explore Rust deeply while building a useful security tool for everyday DevOps workflows.
📝 License
This project is licensed under the MIT License. See the LICENSE file for details.
🔃 Changelog
See the CHANGELOG for a detailed list of changes and updates.
📜 Contributing
Please use the commit message format feat: <description>
for new features and fix: <description>
for bug fixes. For more details, see the Contributing Guide.
Dependencies
~11–20MB
~363K SLoC