{"id":13567587,"url":"https://github.com/lukechilds/chest","last_synced_at":"2025-04-14T22:50:34.940Z","repository":{"id":55494041,"uuid":"42145937","full_name":"lukechilds/chest","owner":"lukechilds","description":"Bash glue to encrypt and hide files","archived":false,"fork":false,"pushed_at":"2020-12-27T08:44:04.000Z","size":61,"stargazers_count":131,"open_issues_count":3,"forks_count":7,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-28T10:54:08.323Z","etag":null,"topics":["bash","cli","command-line","cryptography","encryption","password-manager","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lukechilds.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-09T00:12:54.000Z","updated_at":"2025-02-25T22:34:55.000Z","dependencies_parsed_at":"2022-08-15T01:40:46.055Z","dependency_job_id":null,"html_url":"https://github.com/lukechilds/chest","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukechilds%2Fchest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukechilds%2Fchest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukechilds%2Fchest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukechilds%2Fchest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lukechilds","download_url":"https://codeload.github.com/lukechilds/chest/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248975299,"owners_count":21192199,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","cli","command-line","cryptography","encryption","password-manager","security"],"created_at":"2024-08-01T13:02:35.652Z","updated_at":"2025-04-14T22:50:34.917Z","avatar_url":"https://github.com/lukechilds.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# Chest [![Build Status](https://travis-ci.org/lukechilds/chest.svg?branch=master)](https://travis-ci.org/lukechilds/chest)\n\n\u003e Bash glue to encrypt and hide files\n\nChest allows you to encrypt any file/folder and move it to a hidden directory on your machine. When needed you can retrieve it from the chest into the current working directory.\n\nChest makes use of password based AES256 encryption with a strong key derivation function provided by `gpg` to make sure your data is secure.\n\nYour chest can easily by synced between machines via any third party cloud storage providers such as Dropbox or Google Drive etc.\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg src=\"demo/terminal.svg\" width=\"720\"\u003e\n\u003c/p\u003e\n\n## Why\n\nI wanted something that was:\n\n- Highly secure to store stuff like Bitcoin private keys\n- Easily accessible from the CLI (quickly encrypt/decrypt)\n- Can handle directories or files\n- Sync-able between machines\n- Usable interactively or scriptable\n- Password based (keys are in my brain, not on my machine)\n- Keeps me completely in control of my data\n- Allows me to choose whether to store locally or replicate to the cloud/VPS etc\n- Simple and easy to understand source code\n- No crazy dependencies\n\nChest ticks all those boxes. It's under 300 lines of fairly simple Bash, and about 90% of that are just CLI helper methods. The core encryption logic is easily understandable and is only a handful of lines.\n\nIt's basically a shell script wrapper around `tar | gpg` so you don't have to hand type commands like:\n\n```shell\n# Encrypt secret-folder\ntar -cvzf - \"secret-folder\" | gpg -c --cipher-algo AES256 \u003e \"secret-folder.tar.gz.gpg\"\n\n# Decrypt secret-folder\ngpg -d \"secret-folder.tar.gz.gpg\" | tar -xvzf -\n```\n\n## Usage\n\n```\n$ chest -h\nchest 0.4.0\n\nUsage: chest -e [folder|file]\n       chest -d [key]\n\n  -h            Help. Display this message and quit.\n  -e            Encrypt data and send to chest.\n  -d            Decrypt data from chest.\n  -z            Compress (zip) data before sending to chest.\n  -r            Remove original data after sending to chest.\n  -l            List items in chest.\n  -k [key]      Set key to save/retrieve.\n  -p [password] Set password. (omit to be prompted)\n```\n\n## Options\n\n#### `CHEST_DIR`\n\nThe directory all of your encrypted data will be stored in.\n\nDefaults to `~/.chest`.\n\n```shell\nexport CHEST_DIR=\"$HOME/.chest\"\n```\n\n#### `CHEST_CLEAR_PASSWORD_CACHE`\n\nBy default, `gpg` will cache passwords for as long as the `gpg` agent is running. This means you don't need to keep re-entering the same password to decrypt the same file. This is useful for certain use cases but for storing highly sensitive data is probably not what you want. By default we reload the `gpg` agent each time you enter a password to ensure they aren't cached.\n\nYou can diable this by setting `CHEST_CLEAR_PASSWORD_CACHE` to `false`.\n\nDefaults to `true`.\n\n```shell\nexport CHEST_CLEAR_PASSWORD_CACHE=\"true\"\n```\n\n## Tips\n\n### Cloud Backup/Sync\n\nAs long as you're using strong passwords, it's safe to replicate your Chest to the cloud. Everything will be encrypted before it leaves your machine and the keys are safely stored in your brain.\n\n**To re-iterate, you must use a sufficiently random password for cloud backup to be safe. If you don't fully understand this, do not replicate your chest to third-party cloud providers.**\n\nFor example to set this up with Dropbox, you could either do:\n\n```shell\nln -s ~/Dropbox/chest ~/.chest\n```\n\nor\n\n```shell\nexport CHEST_DIR=\"$HOME/Dropbox/chest\"\n```\n\nNow your encrypted files will be safely replicated around the world on Dropbox's servers to prevent against data loss.\n\nYou can also do this across multiple machines to keep your Chest in sync between them.\n\n## Installation\n\n### macOS\n\n```shell\nbrew install lukechilds/tap/chest\n```\n\n### Linux\n\nJust clone this repo and either copy/symlink `chest` to your PATH or run the script directly with `./chest`. Requires `gpg` to be installed.\n\n### Windows\n\n```\n¯\\_(ツ)_/¯\n```\n\n## License\n\nMIT © Luke Childs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flukechilds%2Fchest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flukechilds%2Fchest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flukechilds%2Fchest/lists"}