A lightweight, flexible and fast C-based cli password and secret manager/vault for Linux with encrypted storage (SQLite + libsodium), TOTP gen (SHA1/SHA256).

Mitschiro/unlocky

Unlocky - CLI Password and Secret Manager/Vault

My first C-based project.

Features

  • Encrypted Storage: login, password, secret, cmd and TOTP blobs encrypted with AES-GCM; Argon2 password hash.
  • TOTP Support: 6/8 digits, SHA1/SHA256, base32 decode.
  • CLI Commands: add, get, list, modify, delete.
  • No User Management: System-wide vault, with a per-entry password for encrypt/decrypt.

Install

From Source (Arch/Debian)

git clone https://github.com/Mitschiro/unlocky.git
cd unlocky
sudo make install
unlocky list

Commands

ADD

Full Example

unlocky add -n test -l testlogin -p test1234 -c "sometestapp --login=%login% --password=%password% --totp=%totp% --secret=%secret%" -s "Some%Cool\$ecret" -o JBSWY3DPEHPK3PXP -od 8 -oh 1 -ob 2

Flags

-n (required): The name of the entry. The name identifies the entry and has to be unique.
-l (optional): The stored login.
-p (required): The stored password (not to be confused with the master password used to encrypt an entry).
-c (optional): The stored command. As the example above shows, the command can contain placeholders for values stored in the entry: %login% for the login, %password% for the password, %totp% for the TOTP code and %secret% for the secret. The get command replaces these placeholders with the actual values.
-o (optional): The stored base32-encoded TOTP seed.
-od (optional): Number of digits in the TOTP code. Defaults to 6; pass 8 for 8-digit codes.
-oh (optional): HMAC-SHA algorithm for the TOTP code. Defaults to 1 (SHA1), which is still the current standard (although slowly fading out). If you run into more cutting-edge apps that use SHA256, pass 256.
-ob (optional): As mentioned above, the program expects a base32-encoded TOTP seed. If for some reason you don't need that, you can disable the decoding by passing 1, or pass 2 to enable it.
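
The placeholder substitution described for -c, sketched in C as an added example (not unlocky's own code). It scans only the template, so a stored value that itself contains % (like the example secret Some%Cool$ecret) is copied verbatim and never re-expanded, and it refuses to return a truncated command. Assumptions: struct entry_values, lookup and expand_command are hypothetical names, and unknown or unset placeholders are left as literal text.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical entry layout for this example; not unlocky's own struct. */
struct entry_values {
    const char *login, *password, *totp, *secret;
};

/* Return the value for the placeholder starting at p, or NULL if p does not
 * start a known placeholder with a stored value. *skip gets its length. */
static const char *lookup(const char *p, const struct entry_values *v, size_t *skip)
{
    const struct { const char *tag; const char *val; } map[] = {
        { "%login%", v->login }, { "%password%", v->password },
        { "%totp%",  v->totp },  { "%secret%",   v->secret },
    };
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++) {
        size_t n = strlen(map[i].tag);
        if (strncmp(p, map[i].tag, n) == 0 && map[i].val != NULL) {
            *skip = n;
            return map[i].val;
        }
    }
    return NULL; /* assumption: unknown/unset placeholders stay literal */
}

/* Expand tmpl into out (capacity cap). Single pass over the template only:
 * substituted values are copied verbatim and never rescanned.
 * Returns 0 on success, -1 if out is too small; out is then emptied so a
 * truncated command can never be used by the caller. */
int expand_command(const char *tmpl, const struct entry_values *v,
                   char *out, size_t cap)
{
    size_t used = 0;
    if (cap == 0) return -1;
    while (*tmpl) {
        size_t skip = 1, len = 1;
        const char *src = tmpl; /* default: copy one literal byte */
        const char *val = (*tmpl == '%') ? lookup(tmpl, v, &skip) : NULL;
        if (val) { src = val; len = strlen(val); }
        if (len >= cap - used) { out[0] = '\0'; return -1; }
        memcpy(out + used, src, len);
        used += len;
        tmpl += skip;
    }
    out[used] = '\0';
    return 0;
}
```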

GET

Example

unlocky get test

Retrieves the entry with the given name if the provided master password works. In the example above, that is the entry named test.

LIST

Example

unlocky list

The list command lists all entries in the db without decrypting them and prints only the name, created-at and updated-at values for each entry.

MODIFY

Example

unlocky modify test -l newlogin

With the modify command you can change every parameter except the name, which is unique and cannot be changed, provided the master password works. The flags are the same as for the ADD command.

DELETE

Example

unlocky delete test

This command will delete an entry from the db, given that the provided master password works.
