ZeroLock is an open-source, Git-based secret manager that leverages developers' existing SSH keys for identity-based encryption. Built with Rust, Git, and Age encryption, it eliminates cloud dependencies while providing secure secret management that works offline and costs nothing.

TeamMavericKX/ZeroLock

ZeroLock 🔐

The last secret manager you'll ever pay for.

ZeroLock is a zero-cost, Git-native secret manager that uses your existing SSH keys for encryption. No cloud dependencies, no monthly fees, no vendor lock-in.

🚀 Quick Start

# Initialize ZeroLock in your repository
cargo run -- init

# Add your teammates' public keys (either SSH or age format)
cargo run -- add-user age1...

# Insert a secret
echo "DATABASE_PASSWORD=supersecret" | cargo run -- insert prod/database.env --stdin

# View a secret
cargo run -- view prod/database.env

# List all encrypted secrets
cargo run -- list

# Re-encrypt all secrets when the team changes
cargo run -- rekey

💰 Free Forever

Unlike HashiCorp Vault ($50+/month) or AWS Secrets Manager ($1/month per secret), ZeroLock costs absolutely nothing. It runs on your laptop using the SSH keys you already have.

🔐 No Setup Required

ZeroLock automatically discovers your SSH keys in ~/.ssh/ and works with your existing Git workflow. No server setup, no configuration files.

🛡️ Security First

  • End-to-end encryption with ChaCha20-Poly1305
  • Multi-recipient support for team collaboration
  • Automatic prevention of plaintext secrets in Git
  • Defense against side-channel attacks

🏗️ Architecture

ZeroLock follows a modular architecture:

  • CLI Layer: Command-line interface using Clap
  • Identity Management: Handles SSH and age keys
  • Crypto Engine: Encryption/decryption with the age crate
  • Secret Manager: High-level secret operations
  • Git Integration: Git hooks and repository integration

📁 File Structure

.project-root/
├── .zerolock/                 # ZeroLock configuration
│   ├── config.json           # Configuration file
│   ├── users                 # Authorized public keys
│   └── metadata/             # Internal metadata
├── secrets/                  # Encrypted secret files
│   ├── prod.env.age          # Production environment variables
│   └── api.keys.age          # API keys
└── .gitattributes            # Git configuration for encrypted files
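
The Security First list mentions preventing plaintext secrets in Git, and the architecture lists Git hooks. The following is an added example, not ZeroLock's own code, of one way a pre-commit hook could enforce that for the layout above. It assumes secrets live under secrets/ and recognises age ciphertext by the age v1 header or its ASCII-armor marker; the function names are hypothetical.

```rust
// Added example, not ZeroLock's own code: pre-commit check for secrets/.
use std::process::{exit, Command};

// First bytes of an age v1 file (binary form) and of its ASCII-armored form.
const AGE_BINARY_HEADER: &[u8] = b"age-encryption.org/v1\n";
const AGE_ARMOR_HEADER: &[u8] = b"-----BEGIN AGE ENCRYPTED FILE-----";

/// True when `data` begins like age ciphertext. This checks the format only,
/// not which recipients the file was encrypted to.
fn looks_age_encrypted(data: &[u8]) -> bool {
    data.starts_with(AGE_BINARY_HEADER) || data.starts_with(AGE_ARMOR_HEADER)
}

/// Paths under secrets/ (assumed layout) whose content is not age ciphertext.
/// Empty content counts as an offender, so unreadable blobs fail closed.
fn plaintext_offenders(files: &[(String, Vec<u8>)]) -> Vec<&str> {
    files
        .iter()
        .filter(|(path, data)| path.starts_with("secrets/") && !looks_age_encrypted(data))
        .map(|(path, _)| path.as_str())
        .collect()
}

/// Runs git and returns its stdout; a failed invocation yields empty output.
fn git(args: &[&str]) -> Vec<u8> {
    Command::new("git").args(args).output().map(|o| o.stdout).unwrap_or_default()
}

fn main() {
    // Staged (added, copied, modified) paths under secrets/, NUL-separated.
    let listing = git(&["diff", "--cached", "--name-only", "--diff-filter=ACM", "-z", "--", "secrets/"]);
    let files: Vec<(String, Vec<u8>)> = String::from_utf8_lossy(&listing)
        .split('\0')
        .filter(|p| !p.is_empty())
        // ":<path>" names the staged blob, so the check sees exactly what
        // would be committed rather than the working-tree copy.
        .map(|p| (p.to_string(), git(&["show", format!(":{p}").as_str()])))
        .collect();
    let bad = plaintext_offenders(&files);
    for path in &bad {
        eprintln!("commit blocked: {path} is not age-encrypted");
    }
    if !bad.is_empty() {
        exit(1);
    }
}
```

Compiled and installed as .git/hooks/pre-commit, a non-zero exit aborts the commit.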

🛠️ Commands

  • init: Initialize ZeroLock in the current directory
  • insert <path>: Insert a new encrypted secret
  • view <path>: View a decrypted secret
  • list: List all encrypted secrets
  • add-user <key>: Add a user to the authorized list
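  • remove-user <fingerprint>: Remove a user from the authorized list
  • rekey: Re-encrypt all secrets for the current user list. Earlier commits still hold ciphertext encrypted to removed users' keys, so also rotate the secret values themselves.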

🚀 Development

To build and run ZeroLock:

# Clone and build
git clone <repo-url>
cd zerolock
cargo build

# Run directly
cargo run -- --help

# Or build and run separately
cargo build --release
./target/release/zerolock --help

🤝 Contributing

ZeroLock is designed to be extended. Key areas for contribution include:

  • Additional key format support (PGP, etc.)
  • Editor integration for secret editing
  • Git merge drivers for conflict resolution
  • Import/export from other secret managers
