promocrypt-cli-1.1.1 is not a library.

promocrypt

                                                       _
 _ __  _ __ ___  _ __ ___   ___   ___ _ __ _   _ _ __ | |_
| '_ \| '__/ _ \| '_ ` _ \ / _ \ / __| '__| | | | '_ \| __|
| |_) | | | (_) | | | | | | (_) | (__| |  | |_| | |_) | |_
| .__/|_|  \___/|_| |_| |_|\___/ \___|_|   \__, | .__/ \__|
|_|                                        |___/|_|

Command-line tool for cryptographically secure promotional code generation and management.

Generate millions of unique, validated promotional codes with machine-binding security, database integration, and flexible output formats.

Overview
Features
Installation
Quick Start
Commands Reference
Database Integration
Typed Column Values
External Commands
Code Formatting
Check Position
Storage Encryption
History & Generation Log
Secret Rotation
Shell Completions
Environment Variables
Exit Codes
Examples
Building from Source
License

Overview

promocrypt is a high-performance CLI for generating and managing promotional codes. Built on the promocrypt-core cryptographic library, it provides:

Cryptographic security: Codes are generated using secure algorithms with embedded check digits
Machine binding: .bin files can be locked to specific machines
Database integration: Direct insertion to PostgreSQL and SQLite
Flexible formatting: Prefixes, suffixes, and separators (e.g., PROMO-XXXX-XXXX-2024)
Audit trail: Track generation history, secret rotations, and configuration changes

Features

Feature	Description
Code Generation	Generate single codes or millions in batches
Code Validation	Validate codes from CLI, files, or databases
Database Insert	PostgreSQL and SQLite with batch insertion
Storage Encryption	Encrypt codes at rest (AES-256-SIV)
External Commands	Pipe to any script (Python, Node.js, etc.)
Output Formats	Plain text, JSON, CSV
Shell Completions	Bash, Zsh, Fish, PowerShell
Check Position	Configurable check digit placement
Code Formatting	Prefix, suffix, separators
Secret Rotation	Safely change passwords
History Tracking	Audit rotations, masterings, changes
Generation Log	Track when/how many codes generated
PG Sync	Import/export .bin to PostgreSQL
Dry-run Mode	Preview without generating
Rate Limiting	Control generation speed

Installation

Download from Releases

Download the latest release for your platform:

# Linux (x86_64)
curl -LO https://github.com/professor93/promocrypt-cli/releases/latest/download/promocrypt-linux-x86_64.tar.gz
tar -xzf promocrypt-linux-x86_64.tar.gz
sudo mv promocrypt /usr/local/bin/

# macOS (Apple Silicon)
curl -LO https://github.com/professor93/promocrypt-cli/releases/latest/download/promocrypt-macos-arm64.tar.gz
tar -xzf promocrypt-macos-arm64.tar.gz
sudo mv promocrypt /usr/local/bin/

Build from Source

# Clone the repository
git clone https://github.com/professor93/promocrypt-cli.git
cd promocrypt-cli

# Build release binary
cargo build --release

# Install to PATH
sudo cp target/release/promocrypt /usr/local/bin/

Quick Start

1. Create a .bin file

# Create a new .bin file with default settings
promocrypt create --name production --secret "my-secure-password"

# Create with custom formatting
promocrypt create --name promo2024 \
    --secret "password" \
    --prefix "PROMO-" \
    --suffix "-2024" \
    --separator "-" \
    --separator-positions "4,8"

2. Generate codes

# Generate a single code
promocrypt generate --secret "my-secure-password"

# Generate 1000 codes to file
promocrypt generate --secret "password" -n 1000 -o codes.txt

# Generate with database insertion
promocrypt generate --secret "password" -n 10000 --db db.toml --table promos

3. Validate codes

# Validate a single code
promocrypt validate PROMO-A3KF-7NP2-2024

# Validate from file
promocrypt validate -f codes.txt --summary

# Validate with quiet mode (only show invalid)
promocrypt validate -f codes.txt --quiet

Commands Reference

Global Options

promocrypt [OPTIONS] <COMMAND>

Options:
    --bin <PATH>           Path to .bin file (default: ./promocrypt.bin)
    --format <FORMAT>      Output format: plain, json, csv (default: plain)
    --quiet                Suppress non-essential output
    --env-file <PATH>      Load environment from file
    -h, --help             Print help
    -V, --version          Print version

create

Create a new .bin file.

promocrypt create [OPTIONS]

Options:
    --name <NAME>                  Secret name (required)
    --secret <SECRET>              Secret password (prompted if not provided)
    --alphabet <ALPHABET>          Custom alphabet (default: 0234679ABCDEFGHJKMNPQRTUXY)
    --length <N>                   Code length excluding check (default: 9)
    --check-position <POS>         Check digit position: 0=start, -1=end, N=position
    --counter-mode <MODE>          Counter mode: file, inbin, manual (default: file)
    --counter-path <PATH>          Path for counter file
    --force                        Overwrite if exists
    --prefix <PREFIX>              Prefix for generated codes
    --suffix <SUFFIX>              Suffix for generated codes
    --separator <CHAR>             Separator character (e.g., '-')
    --separator-positions <POS>    Comma-separated positions (e.g., "4,8")
    --storage-encryption           Enable storage encryption for codes

Examples:
    # Basic
    promocrypt create --name prod --secret "password"

    # With formatting
    promocrypt create --name promo --secret "pass" \
        --prefix "SALE-" --separator "-" --separator-positions "4,8"

    # With storage encryption
    promocrypt create --name secure --secret "pass" --storage-encryption

info

Show .bin file information.

promocrypt info [OPTIONS]

Options:
    --show-audit           Show audit trail details
    --show-history         Show history (rotations, masterings, changes)
    --show-generation-log  Show generation log
    --show-machine-id      Show current machine ID
    --json                 Output as JSON

Examples:
    promocrypt info
    promocrypt info --show-history --json
    promocrypt info --show-machine-id

generate

Generate promotional codes.

promocrypt generate [OPTIONS]

Options:
    --secret <SECRET>              Secret password
    -n, --count <N>                Number of codes (default: 1)
    -c, --counter <N>              Manual counter value
    -o, --output <FILE>            Output file (default: stdout)
    --chunk-size <N>               Chunk size for batches (default: 10000)
    --dry-run                      Preview without generating
    --rate-limit <N>               Max codes per second (0 = unlimited)

    # Format options (override .bin config)
    --prefix <PREFIX>              Add prefix to codes
    --suffix <SUFFIX>              Add suffix to codes
    --separator <CHAR>             Separator character
    --separator-positions <POS>    Separator positions

    # Database options
    --db <CONFIG>                  Database config file (TOML)
    --table <TABLE>                Target table name
    --column <COLUMN>              Code column name (default: code)
    --retry-duplicates             Auto-retry on duplicate key conflict

    # Typed column values
    --set <KEY=VALUE>              Set string column
    --set-int <KEY=VALUE>          Set integer column
    --set-float <KEY=VALUE>        Set float column
    --set-bool <KEY=VALUE>         Set boolean column
    --set-now <KEY>                Set column to current timestamp
    --set-json <KEY=VALUE>         Set JSON/JSONB column
    --set-null <KEY>               Set column to NULL
    --extra <JSON>                 Extra columns as JSON

    # External command
    --exec <COMMAND>               Pipe codes to external command
    --exec-format <FMT>            Format: plain, jsonl (default: plain)

Examples:
    # Generate to stdout
    promocrypt generate --secret pass -n 10

    # Generate to file
    promocrypt generate --secret pass -n 1000 -o codes.txt

    # Generate with database
    promocrypt generate --secret pass -n 10000 --db db.toml --table promos \
        --set-int campaign_id=123 --set status=active --set-now created_at

    # Dry run
    promocrypt generate --secret pass -n 10 --dry-run

validate

Validate promotional codes.

promocrypt validate [OPTIONS] [CODE]

Arguments:
    [CODE]                 Single code to validate

Options:
    -f, --file <FILE>      File with codes (one per line)
    --from-db              Validate all codes in database table
    --db <CONFIG>          Database config (for --from-db)
    --table <TABLE>        Table to read codes from
    --column <COLUMN>      Code column name (default: code)
    --quiet                Only output invalid codes
    --summary              Show summary at end

Examples:
    promocrypt validate A3KF7NP2XM
    promocrypt validate -f codes.txt --summary
    promocrypt validate --from-db --db db.toml --table promos

lookup

Look up code status in database.

promocrypt lookup [OPTIONS] <CODE>

Arguments:
    <CODE>                 Code to look up

Options:
    --db <CONFIG>          Database config file (required)
    --table <TABLE>        Table name (required)
    --column <COLUMN>      Code column name (default: code)

Example:
    promocrypt lookup PROMO-A3KF7NP2XM-2024 --db db.toml --table promos

stats

Show statistics about .bin file and database.

promocrypt stats [OPTIONS]

Options:
    --db <CONFIG>          Include database statistics
    --table <TABLE>        Table to count codes in

Examples:
    promocrypt stats
    promocrypt stats --db db.toml --table promos

export

Export codes from database.

promocrypt export [OPTIONS]

Options:
    --db <CONFIG>              Database config (required)
    --table <TABLE>            Table name (required)
    --column <COLUMN>          Code column name (default: code)
    -o, --output <FILE>        Output file (required)
    --export-format <FMT>      Format: csv, json, sql (default: csv)
    --where <CONDITION>        SQL WHERE clause
    --limit <N>                Maximum rows to export

Examples:
    promocrypt export --db db.toml --table promos -o codes.csv
    promocrypt export --db db.toml --table promos -o unused.json \
        --export-format json --where "used_at IS NULL"

master

Master .bin for a different machine.

promocrypt master [OPTIONS]

Options:
    --secret <SECRET>          Secret password
    --output <PATH>            Output path for mastered .bin
    --target-machine <HEX>     Target machine ID (hex)
    --show-machine-id          Show machine ID and exit

Examples:
    # Get your machine ID
    promocrypt master --show-machine-id

    # Master for another machine
    promocrypt master --secret pass --output server.bin \
        --target-machine a1b2c3d4e5f6...

config

View or modify .bin configuration.

promocrypt config [OPTIONS]

Options:
    --secret <SECRET>                  Secret password (required for modifications)
    --show                             Show current configuration
    --set-prefix <PREFIX>              Set prefix (empty string to remove)
    --set-suffix <SUFFIX>              Set suffix (empty string to remove)
    --set-separator <CHAR>             Set separator character
    --set-separator-positions <POS>    Set separator positions
    --set-check-position <N>           Set check position index
    --set-storage-encryption <BOOL>    Enable/disable storage encryption

Examples:
    promocrypt config --show
    promocrypt config --secret pass --set-prefix "NEW-"
    promocrypt config --secret pass --set-storage-encryption true

rotate-secret

Rotate secret password.

promocrypt rotate-secret [OPTIONS]

Options:
    --old-secret <SECRET>      Current secret
    --new-secret <SECRET>      New secret (prompted if not provided)

Example:
    promocrypt rotate-secret --old-secret "old-pass" --new-secret "new-pass"

history

View, export, or clear history.

promocrypt history [OPTIONS]

Options:
    --export <FILE>            Export history to JSON file
    --clear                    Clear history (requires --secret)
    --keep-last <N>            Keep last N entries when clearing
    --secret <SECRET>          Required for --clear

Examples:
    promocrypt history
    promocrypt history --export history.json
    promocrypt history --clear --keep-last 10 --secret pass

generation-log

View, export, or clear generation log.

promocrypt generation-log [OPTIONS]

Options:
    --export <FILE>            Export log to JSON file
    --clear                    Clear log (requires --secret)
    --keep-last <N>            Keep last N entries when clearing
    --secret <SECRET>          Required for --clear
    --summary                  Show summary only

Examples:
    promocrypt generation-log
    promocrypt generation-log --summary
    promocrypt generation-log --export gen-log.json

pg-import

Import .bin file into PostgreSQL.

promocrypt pg-import [OPTIONS]

Options:
    --db <CONFIG>              PostgreSQL config file (required)
    --secret <SECRET>          Secret password (required)
    --name <NAME>              Name in PostgreSQL (default: use .bin name)

Example:
    promocrypt pg-import --db pg.toml --secret pass

pg-export

Export .bin from PostgreSQL to file.

promocrypt pg-export [OPTIONS]

Options:
    --db <CONFIG>              PostgreSQL config file (required)
    --name <NAME>              Secret name in PostgreSQL (required)
    --secret <SECRET>          Secret password (required)
    -o, --output <PATH>        Output .bin file path (required)

Example:
    promocrypt pg-export --db pg.toml --name campaign --secret pass -o campaign.bin

completions

Generate shell completions.

promocrypt completions <SHELL>

Arguments:
    <SHELL>    Shell: bash, zsh, fish, powershell, elvish

Example:
    promocrypt completions bash > ~/.local/share/bash-completion/completions/promocrypt

Database Integration

PostgreSQL Setup

Create a database config file:

# db-postgres.toml
[database]
type = "postgresql"
host = "localhost"
port = 5432
database = "mydb"
user = "user"
password = "password"
# OR use connection string:
# connection_string = "postgres://user:pass@localhost/mydb"

[insert]
table = "promo_codes"
code_column = "code"

[insert.extra]
campaign_id = 123
status = "active"

Create the table:

CREATE TABLE promo_codes (
    id SERIAL PRIMARY KEY,
    code VARCHAR(50) UNIQUE NOT NULL,
    campaign_id INTEGER,
    status VARCHAR(20) DEFAULT 'active',
    used_at TIMESTAMP,
    created_at TIMESTAMP DEFAULT NOW()
);

Generate codes:

promocrypt generate --secret pass -n 10000 --db db-postgres.toml

SQLite Setup

Create a database config file:

# db-sqlite.toml
[database]
type = "sqlite"
path = "./codes.db"

[insert]
table = "promo_codes"
code_column = "code"

Create the database:

sqlite3 codes.db "CREATE TABLE promo_codes (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    code TEXT UNIQUE NOT NULL,
    campaign_id INTEGER,
    status TEXT DEFAULT 'active',
    used_at TEXT,
    created_at TEXT DEFAULT CURRENT_TIMESTAMP
);"

Generate codes:

promocrypt generate --secret pass -n 10000 --db db-sqlite.toml

Typed Column Values

Set column values with proper types during generation:

Option	Type	Example
`--set`	String	`--set status=active`
`--set-int`	Integer	`--set-int campaign_id=123`
`--set-float`	Float	`--set-float discount=19.99`
`--set-bool`	Boolean	`--set-bool single_use=true`
`--set-now`	Timestamp	`--set-now created_at`
`--set-json`	JSON/JSONB	`--set-json meta='{"source":"cli"}'`
`--set-null`	NULL	`--set-null deleted_at`

Priority: --set-* > --extra > config file

Example:

promocrypt generate --secret pass -n 1000 --db db.toml --table promos \
    --set-int campaign_id=123 \
    --set-int discount=20 \
    --set status=active \
    --set-bool single_use=true \
    --set-now created_at \
    --set-json metadata='{"source": "cli", "version": 1}'

External Commands

Pipe codes to any external program for custom database insertion:

# Plain text (one code per line)
promocrypt generate --secret pass -n 10000 --exec "./my-inserter.sh"

# JSON lines with extra data
promocrypt generate --secret pass -n 10000 \
    --exec "python insert.py" \
    --exec-format jsonl \
    --set-int campaign_id=123

Example Scripts

Bash + psql (PostgreSQL):

#!/bin/bash
while read code; do
    psql -c "INSERT INTO promos (code) VALUES ('$code')"
done

Python + MongoDB:

#!/usr/bin/env python3
import sys
from pymongo import MongoClient

client = MongoClient('mongodb://localhost:27017')
db = client.mydb

for line in sys.stdin:
    code = line.strip()
    db.promos.insert_one({"code": code})

Node.js + MySQL:

#!/usr/bin/env node
const mysql = require('mysql2/promise');
const readline = require('readline');

async function main() {
    const conn = await mysql.createConnection({
        host: 'localhost', user: 'root', database: 'mydb'
    });
    const rl = readline.createInterface({ input: process.stdin });

    for await (const code of rl) {
        await conn.execute(
            'INSERT INTO promos (code) VALUES (?)',
            [code.trim()]
        );
    }
    await conn.end();
}
main();

Code Formatting

Prefix and Suffix

# Set during creation (stored in .bin)
promocrypt create --name promo --secret pass \
    --prefix "PROMO-" --suffix "-2024"

# Override during generation
promocrypt generate --secret pass -n 10 --prefix "SALE-" --suffix ""

# Output: PROMO-A3KF7NP2XM-2024

Separators

# Create with separators at positions 4 and 8
promocrypt create --name readable --secret pass \
    --separator "-" --separator-positions "4,8"

# Output: XXXX-XXXX-XX

Check Position

The check digit position can be configured for security:

Value	Meaning	Example (10-char)
`-1`	End (default)	`XXXXXXXXX[C]`
`0`	Start	`[C]XXXXXXXXX`
`4`	Position 4	`XXXX[C]XXXXX`
`-3`	3rd from end	`XXXXXXX[C]XX`

Security benefit: Attackers don't know where the check digit is located.

promocrypt create --name secure --secret pass --check-position 4

Storage Encryption

Enable storage encryption for codes stored in SQLite (desktop apps):

# Enable during creation
promocrypt create --name desktop --secret pass --storage-encryption

# Toggle on existing .bin
promocrypt config --secret pass --set-storage-encryption true

Algorithm: AES-256-SIV (deterministic, allows lookups)

History & Generation Log

View History

# View all history
promocrypt history

# Export to JSON
promocrypt history --export history.json

# Clear (keep last 10)
promocrypt history --clear --keep-last 10 --secret pass

View Generation Log

# View log
promocrypt generation-log

# View summary
promocrypt generation-log --summary

# Export to JSON
promocrypt generation-log --export gen-log.json

Secret Rotation

Safely rotate the secret password:

promocrypt rotate-secret --old-secret "old-password" --new-secret "new-password"

After rotation:

All future operations require the new secret
The change is logged in history

Shell Completions

Bash

promocrypt completions bash > ~/.local/share/bash-completion/completions/promocrypt
# Or system-wide:
sudo promocrypt completions bash > /etc/bash_completion.d/promocrypt

Zsh

promocrypt completions zsh > ~/.zsh/completions/_promocrypt
# Add to .zshrc:
fpath=(~/.zsh/completions $fpath)
autoload -Uz compinit && compinit

Fish

promocrypt completions fish > ~/.config/fish/completions/promocrypt.fish

PowerShell

promocrypt completions powershell >> $PROFILE

Environment Variables

Variable	Description
`PROMOCRYPT_SECRET`	Default secret password
`PROMOCRYPT_BIN`	Default .bin file path
`DATABASE_URL`	Database connection string