{"id":13628808,"url":"https://github.com/angt/secret","last_synced_at":"2026-01-16T17:03:16.103Z","repository":{"id":99728763,"uuid":"258429190","full_name":"angt/secret","owner":"angt","description":"A tiny secret store to keep your little secrets","archived":false,"fork":false,"pushed_at":"2026-01-12T19:40:46.000Z","size":81,"stargazers_count":72,"open_issues_count":1,"forks_count":3,"subscribers_count":5,"default_branch":"master","last_synced_at":"2026-01-12T20:04:07.162Z","etag":null,"topics":["c","crypto","hacktoberfest","keyring","password-store","secret","storage"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/angt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-04-24T06:44:07.000Z","updated_at":"2026-01-12T19:40:51.000Z","dependencies_parsed_at":"2025-01-16T22:25:32.690Z","dependency_job_id":"f97a334c-1c79-4609-8162-13605906c6e8","html_url":"https://github.com/angt/secret","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/angt/secret","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angt%2Fsecret","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angt%2Fsecret/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angt%2Fsecret/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angt
%2Fsecret/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/angt","download_url":"https://codeload.github.com/angt/secret/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/angt%2Fsecret/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28480081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","crypto","hacktoberfest","keyring","password-store","secret","storage"],"created_at":"2024-08-01T22:00:57.789Z","updated_at":"2026-01-16T17:03:16.095Z","avatar_url":"https://github.com/angt.png","language":"C","funding_links":[],"categories":["C"],"sub_categories":[],"readme":"# secret\n\nA simple and tiny tool that will help you keep your little secrets.\n\n## Features\n\n`secret` is the simplest secret store you can think of.\nBut it does have some interesting features:\n\n - Requires only one file `~/.secret` that you can share publicly without fear.\n - No configuration. No directory. Get back your file and you're done.\n - Secret names (usually hostname, mail, login, etc.) are also encrypted.\n - A secret agent that only trusts subprocesses. 
Not all the processes of the same user!\n - Secret name completion is available after calling the secret agent.\n - Supports unstored secrets, derived from some simple keys and a passphrase.\n - Supports multiple passphrases. A confirmation is requested for each new passphrase.\n - Supports TOTP natively. The name must contain the word `totp`.\n - Depends only on the [libhydrogen](https://libhydrogen.org/) library.\n - Small, simple and non-obfuscated C code. Well, I hope so :)\n\n## Security\n\nThe main goal is to have `secret` working on all architectures and to make it very simple to audit.\n\nLuckily, permutation-based cryptography has arrived and makes it possible to achieve this goal with very little code.\nIn 2020, using a bloated library full of CVEs would not be reasonable, considering the major advances in this field.\n\nOnly one cryptographic building block is used, the [Gimli](https://gimli.cr.yp.to/gimli-20170627.pdf) permutation.\nAll cryptographic operations are derived from this permutation and implemented in the [libhydrogen](https://libhydrogen.org/) library.\n\n## Install\n\n### Download precompiled binaries\n\nYou can find the latest gzipped binaries for Linux and macOS [here](https://github.com/angt/secret/releases/latest).\n\nFor example, on macOS with an Intel CPU, do the following:\n\n    $ curl -sSLOf https://github.com/angt/secret/releases/latest/download/secret-x86_64-macos.gz\n    $ gunzip secret-x86_64-macos.gz\n    $ chmod +x secret-x86_64-macos\n    $ ./secret-x86_64-macos\n\n### Build from source\n\nThis should work on a wide variety of architectures and POSIX systems.\nIt was successfully tested on Linux, OpenBSD, FreeBSD and macOS.\n\nClone the repository recursively:\n\n    $ git clone https://github.com/angt/secret --recursive\n    $ cd secret\n\nThen, run as `root`:\n\n    # make install\n\nAs usual, you can customize the destination with `DESTDIR` and `prefix`.\nTypically if you want to change the default `/usr/local` 
prefix:\n\n    # make prefix=/usr install\n\n### Tab completion\n\nTab completion works with `bash`, `zsh` and `yash`.\nUnfortunately, it doesn't work out of the box; you have to set it up manually.\nLuckily, it's super easy!\n\nDownload the file corresponding to your shell:\n\n - [argz.bash](https://raw.githubusercontent.com/angt/argz/master/comp/argz.bash)\n - [argz.yash](https://raw.githubusercontent.com/angt/argz/master/comp/argz.yash)\n - [argz.zsh](https://raw.githubusercontent.com/angt/argz/master/comp/argz.zsh)\n\nThen, for `bash`, you can add these lines in your `.bashrc`:\n\n    . YOUR_PATH_TO/argz.bash\n\n    complete -F _argz secret\n\nFor `yash`, in your `.yashrc`:\n\n    . YOUR_PATH_TO/argz.yash\n\n    function completion/secret {\n        command -f completion//reexecute argz\n    }\n\nAnd finally, for `zsh`, in your `.zshrc`:\n\n    . YOUR_PATH_TO/argz.zsh\n\n    compdef _argz secret\n\nCompletion for secrets is only available in a trusted shell. See below.\n\n## Commands\n\nAvailable commands:\n\n    init            Initialize secret\n    list            List all secrets for a given passphrase\n    show            Print a secret\n    dump            Dump a raw secret\n    new             Generate a new random secret\n    set             Set a new secret\n    renew           Regenerate an existing secret\n    update          Update an existing secret\n    pass            Print a deterministic secret\n    agent           Run a process in a trusted zone\n    version         Show version\n\nAll secrets are encrypted in the file `~/.secret`.\nYou can use a different file with the `SECRET_STORE` environment variable:\n\n    $ env SECRET_STORE=\u003cFILE\u003e secret ...\n\n## Examples\n\nInitialize secret for the current user:\n\n    $ secret init\n\nAdd a new randomly generated secret:\n\n    $ secret new test\n    Passphrase:\n    No secrets stored with this passphrase.\n    Please, retype it to confirm:\n    /xK;{%@d~hPh.L'5-Sn{sBQd5\n\nShow the 
secret:\n\n    $ secret show test\n    Passphrase:\n    /xK;{%@d~hPh.L'5-Sn{sBQd5\n\nRename a secret; press ENTER to leave its value unchanged:\n\n    $ secret update test test2\n    Passphrase:\n    Secret:\n\n    $ secret show test2\n    Passphrase:\n    /xK;{%@d~hPh.L'5-Sn{sBQd5\n\nMark a secret for deletion by renaming it; the slot will be reused by the next creation:\n\n    $ secret update test DELETED:test\n    Passphrase:\n    Secret:\n\nPipe a secret:\n\n    $ secret show test2 | tr -cd '[a-z]' | secret update test2\n    Passphrase:\n    Passphrase:\n\n    $ secret show test2\n    Passphrase:\n    xdhhnsd\n\nAdd a TOTP token:\n\n    $ echo -n JBSWY3DPEHPK3PXP | base32 -d | secret set test/totp\n    Passphrase:\n\n    $ secret show test/totp\n    Passphrase:\n    $ 123456\n\nAdd a base32 encoded TOTP token:\n\n    $ echo JBSWY3DPEHPK3PXP | secret set test/totp32\n    Passphrase:\n\n    $ secret show test/totp32\n    Passphrase:\n    $ 123456\n\nDerive a deterministic (a.k.a. unstored) secret:\n\n    $ secret pass me@domain.com\n    Passphrase:\n    a`4$B2mJ=|\"HD?b4:/y\"?wOaQ\n\nSubkeys are also supported; this lets you update your secret in a clean way:\n\n    $ secret pass me@domain.com 2020\n    Passphrase:\n    F\"1j;-X]t.Pi\u003e.xf5hG,]dUMz\n\nAdd a binary secret:\n\n    $ dd if=/dev/urandom bs=1 count=32 2\u003e/dev/null | secret set mykey\n    Passphrase:\n\n    $ secret show mykey | xxd\n    Passphrase:\n    00000000: 0ee9 cdb3 de0a 3e71 b623 726d 5d7e eb23  ......\u003eq.#rm]~.#\n    00000010: 5b43 a458 3fb7 3b96 ea9b 6e47 d302 cae7  [C.X?.;...nG....\n\nAdd a multiline secret:\n\n    $ secret set test/multiline \u003c\u003c EOF\n    first secret line\n    second secret line\n    EOF\n\n    $ secret show test/multiline\n    first secret line\n    second secret line\n\nAdd a reasonable file as a secret:\n\n    $ cat /tmp/secret_file | secret set test/secret\n\nStart a trusted zone:\n\n    $ secret agent\n    Passphrase:\n\nNow, the passphrase is not requested and 
completion fully works!\n\nIf you don't use `bash` but still want completion,\nrun `secret agent \u003cyourawesomeshell\u003e` or (much better) send a PR to add support for your shiny shell :)\n\n---\nFor feature requests and bug reports,\nplease create an [issue](https://github.com/angt/secret/issues).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fangt%2Fsecret","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fangt%2Fsecret","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fangt%2Fsecret/lists"}