{"id":13509311,"url":"https://github.com/cloudflare/gokey","last_synced_at":"2025-05-13T23:07:49.932Z","repository":{"id":43374808,"uuid":"71583866","full_name":"cloudflare/gokey","owner":"cloudflare","description":"A simple vaultless password manager in Go","archived":false,"fork":false,"pushed_at":"2025-02-06T22:06:01.000Z","size":60,"stargazers_count":2039,"open_issues_count":4,"forks_count":90,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-04-10T00:14:51.121Z","etag":null,"topics":["deterministic","ecc","ed25519","key-generator","keychain","password-generator","password-manager","password-store","password-vault","rsa-key","seed","stateless"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cloudflare.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-21T17:06:28.000Z","updated_at":"2025-04-04T02:22:44.000Z","dependencies_parsed_at":"2023-02-08T19:55:13.078Z","dependency_job_id":"4be9252c-8717-4270-8c8f-cac0d30aa0b9","html_url":"https://github.com/cloudflare/gokey","commit_stats":{"total_commits":44,"total_committers":17,"mean_commits":2.588235294117647,"dds":0.75,"last_synced_commit":"51044cff1cd7023b7e703dcb03b1c9eb44854e0d"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fgokey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fgokey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fgokey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cloudflare%2Fgokey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cloudflare","download_url":"https://codeload.github.com/cloudflare/gokey/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248131315,"owners_count":21052819,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deterministic","ecc","ed25519","key-generator","keychain","password-generator","password-manager","password-store","password-vault","rsa-key","seed","stateless"],"created_at":"2024-08-01T02:01:06.047Z","updated_at":"2025-04-10T00:14:55.657Z","avatar_url":"https://github.com/cloudflare.png","language":"Go","funding_links":[],"categories":["Go","others","Security \u0026 Privacy"],"sub_categories":["Password Management"],"readme":"# gokey\n\n![build](https://github.com/cloudflare/gokey/actions/workflows/ci.yml/badge.svg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/cloudflare/gokey)](https://goreportcard.com/report/github.com/cloudflare/gokey)\n\n## A simple vaultless password manager in Go\n\n**gokey** is a password manager, which does not require a password vault.\nInstead of storing your passwords in a vault it derives your password on the\nfly from your master password and supplied _realm_ string (for example,\nresource URL). This way you do not have to manage, backup or sync your password\nvault (or trust its management to a third party) as your passwords are\navailable immediately anywhere.\n\n###### example\n```\ngokey -p super-secret-master-password -r example.com\n```\n\n###### options\n\n  - `-o \u003coutput path\u003e` - by default **gokey** outputs generated data to\n  `stdout`\n  - `-P \u003c/path/to/password\u003e` - path to master password file which will be used\n  to generate other passwords/keys or to encrypt seed file (see [Modes of\n  operation](#modes-of-operation) below, if no master password or master\n  password file is provided, **gokey** will ask for it interactively)\n  - `-p \u003cmaster password\u003e` - master password which will be used to generate\n  other passwords/keys or to encrypt seed file (see [Modes of\n  operation](#modes-of-operation) below, if no master password or master\n  password file is provided, **gokey** will ask for it interactively)\n  - `-r \u003cpassword/key realm\u003e` - any string which identifies requested\n  password/key, most likely key usage or resource URL\n  - `-s \u003cpath to seed file\u003e` - needed, if you want to use seed file instead of\n  master password as an entropy source (see [Modes of\n  operation](#modes-of-operation) below); can be generated with `-t seed` flag\n  as described below\n  - `-skip \u003cnumber of bytes\u003e` - number of bytes to skip when reading seed file\n  - `-u` - **UNSAFE**, allow generating keys without using a seed file (see\n  [Modes of operation](#modes-of-operation) below)\n  - `-t \u003cpassword/key type\u003e` - requested password/key output type\n  - `-l \u003clength\u003e` - number of characters in the generated password or number of\n  bytes in the generated raw stream (default 10 for \"pass\" type and 32 for\n  \"raw\" type)\n\nSupported password/key types:\n  * `pass` - default, generates a password\n  * `seed` - generates a seed file, which can be used with `-s` option later\n  * `raw` - generates 32 random bytes (can be used as a symmetric key)\n  * `ec256` - generates ECC P-256 private key\n  * `ec384` - generates ECC P-384 private key\n  * `ec521` - generates ECC P-521 private key\n  * `rsa2048` - generates 2048-bit RSA private key\n  * `rsa4096` - generates 4096-bit RSA private key\n  * `x25519` - generates x25519 (also known as curve25519) ECC private key\n  * `ed25519` - generates ed25519 ECC private key\n\n### Installation\n\nThe **gokey** command-line utility can be downloaded and compiled using standard\n`go install` approach. Assuming you have [Go](https://golang.org/doc/install)\ninstalled, do\n```\ngo install github.com/cloudflare/gokey/cmd/gokey@latest\n```\nThe `gokey` binary should appear in your `$GOPATH/bin` directory. (Default\n`$HOME/go/bin`)\n\nPrecompiled binaries are also available in the [Releases section](https://github.com/cloudflare/gokey/releases)\n\n### Modes of operation\n\n**gokey** can generate passwords and cryptographic private keys (ECC and RSA\nkeys are currently supported). However, without any additional options\nspecified it uses your master password as a single source of entropy for\ngenerated data. For passwords it is acceptable most of the time, but keys\nusually have much higher entropy requirements.\n\nFor cases, where higher entropy is required for generated passwords/keys,\n**gokey** can use a seed file (a blob with random data) instead of the master\npassword as a source of entropy.\n\n#### Simple mode (without a seed file)\n\nIn simple mode passwords are derived directly from your master password and the\nrealm string. That is each unique combination of a master password and a realm\nstring will produce a unique password.\n\nFor example, if your master password is `super-secret-master-password` and you\nwant to generate a password for `example.com`, you would invoke **gokey** like\n```\ngokey -p super-secret-master-password -r example.com\n```\n\nIf you need a password for a different resource, (`example2.com`), you would\nchange the realm string\n```\ngokey -p super-secret-master-password -r example2.com\n```\nThis way you need to remember only your master password and you can always\nrecreate passwords for your services/resources.\n\nNOTE: In this mode generated passwords are as strong as your master password,\nso do have your master password strong enough. You can also derive private keys\nfrom your master password, but keep in mind, that these keys will have low\nentropy. That is why it is considered unsafe, so **gokey** does not allow it by\ndefault. If you **_really_** know what you are doing, you can override this\ndefault by supplying `-u` flag.\n\n#### Using a seed file\n\nIf you plan to generate not only passwords, but also private keys or you want\nto have your passwords/keys with higher entropy, you can use a seed file\ninstead of the master password. You still need to supply a master password,\nwhen invoking **gokey**, but it will be used only to protect the seed file\nitself; all generated passwords/keys will be derived from the data in the seed\nfile. **gokey** uses seed files protected (encrypted) with your master\npassword, so it is reasonably safe to store/backup seed files to a third party\nlocation, such as Google Drive or Dropbox.\n\nTo generate an encrypted seed file, use\n```\ngokey -p super-secret-master-password -t seed -o seedfile\n```\nThis will create a seed file `seedfile` with 256 bytes of random data. The data\nis encrypted using AES-256-GCM mode and `super-secret-master-password` as a\nkey.\n\nThen, to generate EC-256 private key for `example.com`, use\n```\ngokey -p super-secret-master-password -s seedfile -r example.com -t ec256\n```\n\nNOTE: you still need to remember your master password and keep a backup copy of\nyour seed file. If you forget your master password or lose your seed file, you\nwill lose all derived passwords/keys as well.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudflare%2Fgokey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcloudflare%2Fgokey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcloudflare%2Fgokey/lists"}