I would like to propose an offline-first CLI-based password manager that integrates seamlessly with the existing zecrypt-server backend, while also supporting secure local file system storage.
The goal is to enable users—especially developers and power users—to manage passwords locally via a CLI, with optional encrypted synchronization to the backend server.
Problem Statement
Currently, password managers are often:
- Fully dependent on network connectivity
- Browser or UI-heavy
- Hard to integrate into developer workflows
- Less flexible for air-gapped or offline environments
There is a strong use case for:
- A local, CLI-driven password manager
- Secure file-based encrypted storage
- Optional zero-knowledge sync with the backend
- Proposed Solution
Introduce a CLI client that acts as a first-class consumer of zecrypt-server and supports:
- CLI-Based Password Management
Users interact via terminal commands:
zecrypt init
zecrypt login
zecrypt add github --username user --password ****
zecrypt get github
zecrypt list
- Encrypted Local File System Storage (Offline-First)
Passwords stored locally in encrypted form
No backend dependency for read/write operations
Example structure:
~/.zecrypt/
├── vaults/
│ ├── personal.zvault
│ └── work.zvault
├── config.yml
└── keystore
Encryption keys derived from:
Master password
OS keychain / keystore (optional)
3. Optional Backend Sync (Zero-Knowledge)
CLI syncs encrypted vaults with zecrypt-server
Server never sees plaintext data
Backend acts as:
- Encrypted vault storage
- Metadata/version manager
Possible APIs:
POST /vault/sync
GET /vault/export
POST /vault/import
- Import / Export Capabilities
Enable:
Export local vault → backend
Import backend vault → local file
Backup / restore workflows
Easy migration between machines
Formats:
- Encrypted .zvault files
- Optional decrypted export (explicit user consent)
- Sync Strategy (Initial Ideas)
- Timestamp-based or version-based sync
- Conflict detection with manual resolution
- Advanced option (future): CRDT-based sync
Benefits
- Offline-first & developer-friendly
- Strong security & zero-knowledge compliance
- CLI automation & scripting support
- Easy backup, restore, and migration
- Extends zecrypt beyond web-only usage
I would like to propose an offline-first CLI-based password manager that integrates seamlessly with the existing zecrypt-server backend, while also supporting secure local file system storage.
The goal is to enable users—especially developers and power users—to manage passwords locally via a CLI, with optional encrypted synchronization to the backend server.
Problem Statement
Currently, password managers are often:
There is a strong use case for:
Introduce a CLI client that acts as a first-class consumer of zecrypt-server and supports:
Users interact via terminal commands:
Passwords stored locally in encrypted form
No backend dependency for read/write operations
Example structure:
~/.zecrypt/
├── vaults/
│ ├── personal.zvault
│ └── work.zvault
├── config.yml
└── keystore
Encryption keys derived from:
Master password
OS keychain / keystore (optional)
3. Optional Backend Sync (Zero-Knowledge)
CLI syncs encrypted vaults with zecrypt-server
Server never sees plaintext data
Backend acts as:
Possible APIs:
Enable:
Export local vault → backend
Import backend vault → local file
Backup / restore workflows
Easy migration between machines
Formats:
Benefits