# Keylock CLI
A simple local password manager CLI with Argon2id key derivation and AEAD encryption.
## Features
- Argon2id key derivation with per-install random salt
- AEAD encryption: AES-256-GCM or ChaCha20-Poly1305
- Per-entry unique 12-byte nonce
- Local JSON store at `~/.config/keylock/store.json`
- Commands: setup, add, list, view (clipboard), edit, delete
## Install
```bash
cargo build --release
```
## Usage
```bash
# Show help
./target/release/keylock --help
```
### Initialize storage
```bash
keylock setup
```
### Add a credential
```bash
keylock add --site example --username alice --algo aes
# You will be prompted for the entry password and the master decoder signature
```
### List entries
```bash
keylock list
```
### View and copy to clipboard
```bash
keylock view example
```
### Edit an entry
```bash
keylock edit example --username alice --algo chacha
```
### Delete an entry
```bash
keylock delete example --username alice
```
## Non-interactive/Test mode
Environment variables for automation:
- `KEYLOCK_DECODER`: master decoder signature
- `KEYLOCK_PASSWORD`: password for `add` command
- `XDG_CONFIG_HOME`: override config home (useful in tests)
## Security Notes
- The master decoder signature is never stored; only a random salt is saved under `~/.config/keylock/salt`.
- Keys are derived using Argon2id with memory hardness.
- Each password is encrypted with a unique 12-byte nonce and AEAD (AES-GCM or ChaCha20-Poly1305).
- `view` copies the password to the system clipboard instead of printing.
- Clipboard contents are managed by the OS; clear it if needed.
- Data is stored locally; protect your user account and backups.
## Testing
```bash
cargo test
```
## Release builds
```bash
cargo build --release