Keylock CLI

A simple local password manager CLI with Argon2id key derivation and AEAD encryption.

Features

• Argon2id key derivation with per-install random salt
• AEAD encryption: AES-256-GCM or ChaCha20-Poly1305
• Per-entry unique 12-byte nonce
• Local JSON store at ~/.config/keylock/store.json
• Commands: setup, add, list, view (clipboard), edit, delete

Install

cargo build --release

Usage

# Show help
./target/release/cli-starter --help

Initialize storage

cli-starter setup

Add a credential

cli-starter add --site example --username alice --algo aes
# You will be prompted for the entry password and the master decoder signature

List entries

cli-starter list

View and copy to clipboard

cli-starter view example

Edit an entry

cli-starter edit example --username alice --algo chacha

Delete an entry

cli-starter delete example --username alice

Non-interactive/Test mode

Environment variables for automation:

• KEYLOCK_DECODER: master decoder signature
• KEYLOCK_PASSWORD: password for add command
• XDG_CONFIG_HOME: override config home (useful in tests)

Security Notes

• The master decoder signature is never stored; only a random salt is saved under ~/.config/keylock/salt.
• Keys are derived using Argon2id with memory hardness.
• Each password is encrypted with a unique 12-byte nonce and AEAD (AES-GCM or ChaCha20-Poly1305).
• view copies the password to the system clipboard instead of printing.
• Clipboard contents are managed by the OS; clear it if needed.
• Data is stored locally; protect your user account and backups.

Testing

cargo test

Release builds

cargo build --release
strip target/release/cli-starter || true