# gman A universal credential management CLI with a unified interface for all your secret providers. `gman` provides a single, consistent set of commands to manage secrets, whether they are stored in a secure local vault or any other supported provider. Switch between providers on the fly, script interactions with JSON output, and manage your secrets with ease. ## Features - **Secure Local Storage**: Out-of-the-box support for a local vault (`~/.config/gman/vault.yml`) with strong encryption using **Argon2id** for key derivation and **XChaCha20-Poly1305** for authenticated encryption. - **Unified Interface**: A consistent command set (`add`, `get`, `list`, etc.) for every supported provider. - **Provider Selection**: Explicitly choose a provider for a command using the `--provider` flag. - **Flexible Output**: Get secrets in plaintext for scripting, structured `json` for applications, or human-readable text. - **Password Management**: For local secret storage: securely prompts for the vault password. For automation, a password can be supplied via a `~/.gman_password` file, similar to Ansible Vault. - **Shell Completions**: Generate completion scripts for Bash, Zsh, Fish, and other shells. - **Standardized Naming**: Secret names are automatically converted to `snake_case` to ensure consistency. ## Installation Ensure you have Rust and Cargo installed. Then, clone the repository and install the binary: ```sh git clone https://github.com/Dark-Alex-17/gman.git cd gman cargo install --path . ``` ## Configuration `gman` is configured through a YAML file located at `~/.config/gman/config.yml`. A default configuration is created automatically. Here is an example: ```yaml # ~/.config/gman/config.yml --- provider: local password_file: null # Can be set to a path like /home/user/.gman_password ``` ### Vault File For the `local` provider, secrets are stored in an encrypted vault file at `~/.config/gman/vault.yml`. This file should not be edited manually. ### Password File To avoid being prompted for a password with every command, you can create a file at `~/.gman_password` containing your vault password. `gman` will automatically detect and use this file if it exists. ```sh # Create the password file with the correct permissions echo "your-super-secret-password" > ~/.gman_password chmod 600 ~/.gman_password ``` ## Usage `gman` uses simple commands to manage secrets. Secret values are passed via `stdin`. ### Commands **1. Add a Secret** To add a new secret, use the `add` command. You will be prompted to enter the secret value, followed by `Ctrl-D` to save. ```sh gman add my_api_key ``` ``` Enter the text to encrypt, then press Ctrl-D twice to finish input this-is-my-secret-api-key ^D ✓ Secret 'my_api_key' added to the vault. ``` You can also pipe the value directly: ```sh echo "this-is-my-secret-api-key" | gman add my_api_key ``` **2. Get a Secret** Retrieve a secret's plaintext value with the `get` command. ```sh gman get my_api_key ``` ``` this-is-my-secret-api-key ``` **3. Get a Secret as JSON** Use the `--output json` flag to get the secret in a structured format. ```sh gman get my_api_key --output json ``` ``` { "my_api_key": "this-is-my-secret-api-key" } ``` **4. List Secrets** List the names of all secrets in the vault. ```sh gman list ``` ``` Secrets in the vault: - my_api_key - another_secret ``` **5. Update a Secret** Update an existing secret's value. ```sh echo "new-secret-value" | gman update my_api_key ``` ``` ✓ Secret 'my_api_key' updated in the vault. ``` **6. Delete a Secret** Remove a secret from the vault. ```sh gman delete my_api_key ``` ``` ✓ Secret 'my_api_key' deleted from the vault. ``` **7. Generate Shell Completions** Create a completion script for your shell to enable auto-complete for commands and arguments. ```sh # For Bash gman completions bash > /etc/bash_completion.d/gman # For Zsh gman completions zsh > /usr/local/share/zsh/site-functions/_gman ``` ## Creator * [Alex Clarke](https://github.com/Dark-Alex-17)