Black-Bag
A quantum-secure password manager that runs entirely in RAM, leaving zero traces on disk.
Features
- RAM-Only Execution: Runs entirely in volatile memory
- Post-Quantum Cryptography: ML-KEM and ML-DSA algorithms
- Zero Disk Traces: No swap, no temp files, no forensic artifacts
- Fixed Contact Display: All contact fields now properly display with get --reveal
- Memory Locking: Prevents secrets from being swapped to disk
Installation
Quick Start with RAM Drive (macOS)
# Create 512MB RAM disk
BLACK_BAG_RAM_SIZE=512
# Or manually create RAM disk
DISK= # 512MB
# Run black-bag from RAM
Basic Usage
# Initialize vault
# Add login
# Add contact (with fixed display)
# View contact (all fields now display properly)
# List all entries
RAM Drive Sizes
- 256MB: Minimal vault (~1000 entries)
- 512MB: Standard vault (~5000 entries) [Default]
- 1GB: Large vault (~10000 entries)
- 2GB: Maximum security (entire binary in RAM)
Security Notes
- Master passphrase required for all operations
- Argon2id key derivation (262MB memory cost)
- ChaCha20-Poly1305 authenticated encryption
- Post-quantum KEX and signatures
- Automatic memory wiping on exit
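
The memory locking and wipe-on-exit behaviour listed above can be sketched as follows. This is an added example, not Black-Bag's own code: `LockedSecret` is a hypothetical type, and the block assumes a POSIX platform (Linux or macOS) where `mlock` and `munlock` come from the C library.

```rust
use std::os::raw::{c_int, c_void};
use std::sync::atomic::{compiler_fence, Ordering};

// POSIX mlock/munlock, resolved from the platform C library.
extern "C" {
    fn mlock(addr: *const c_void, len: usize) -> c_int;
    fn munlock(addr: *const c_void, len: usize) -> c_int;
}

/// Hypothetical holder for secret bytes: pinned in RAM, zeroed on drop.
pub struct LockedSecret {
    buf: Box<[u8]>,
    locked: bool,
}

impl LockedSecret {
    pub fn new(secret: &[u8]) -> Self {
        // Fixed-size boxed slice: it never grows or reallocates afterwards.
        let buf: Box<[u8]> = secret.to_vec().into_boxed_slice();
        // mlock can fail (e.g. RLIMIT_MEMLOCK); record the result, don't assume.
        let locked = !buf.is_empty()
            && unsafe { mlock(buf.as_ptr() as *const c_void, buf.len()) } == 0;
        LockedSecret { buf, locked }
    }
    pub fn is_locked(&self) -> bool { self.locked }
    pub fn expose(&self) -> &[u8] { &self.buf }
    /// Overwrite with zeros using volatile writes the optimizer must keep.
    pub fn wipe(&mut self) {
        for b in self.buf.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }
}

impl Drop for LockedSecret {
    fn drop(&mut self) {
        self.wipe(); // wipe first, while the pages are still pinned
        if self.locked {
            unsafe { munlock(self.buf.as_ptr() as *const c_void, self.buf.len()) };
        }
    }
}

fn main() {
    let mut s = LockedSecret::new(b"constructed sample passphrase");
    println!("locked in RAM: {}", s.is_locked());
    s.wipe();
    println!("all zero after wipe: {}", s.expose().iter().all(|&b| b == 0));
}
```

A caller that requires the no-swap guarantee should check `is_locked()` and refuse to load secrets when it returns false, since a failed `mlock` leaves the buffer pageable.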
What's Fixed in This Version
v0.4.5
- Fixed: Contact records now display all fields (full_name, emails, phones) with get --reveal
- Added: Built-in RAM drive support
- Improved: Memory security with better mlock handling
v0.3.4 Bug Fix
Previously, RecordData::Contact had an empty render_sensitive() implementation at line 1605.
Now properly displays all contact fields when using --reveal.
Platform Support
- macOS: Full RAM disk support via hdiutil
- Linux: tmpfs support
- Windows: ImDisk required for RAM drives
License
MIT OR Apache-2.0