locknkey

locknkey is the official Node.js Command Line Interface (CLI) for LockBox, a Zero-Knowledge Secret Management platform. It allows developers to securely inject environment variables into their applications and manage their secrets directly from the terminal.

Read the Full Documentation via CLI_DOCS.md

Features

• End-to-End Encryption: Secrets are encrypted on the client side using your Master Password before ever reaching the server.
• Zero-Knowledge: Validated architecture where the server never sees your raw secrets or master key.
• Environment Injection: Seamlessly run commands with secrets injected into the process environment (locknkey run ...).
• Organization & Project Management: View your access and manage secrets across multiple organizations and projects.
• Cross-Platform: Works on Windows, macOS, and Linux.

Installation

Install globally via npm:

npm install -g locknkey

Getting Started

1. Login: Authenticate with your Lockbox account (requires Google Sign-In via browser).

   locknkey login

2. Initialize Session: Unlock your local vault with your Google Authenticator Code. This derives your session keys.

   locknkey init

3. View Status: Check your login status.

   locknkey --show
   # Or view details:
   locknkey --show --org
   locknkey --show --proj

4. Run with Secrets: Execute any command with secrets injected for a specific project.

   # Usage: locknkey run <project-id-or-name> -- <command>
       
   # Example: Run 'npm run dev' with secrets from 'project1' (dev environment)
   locknkey run project1 -- npm run dev
   
   # Specify environment:
   locknkey run project1 -s -- npm start  # Staging
   locknkey run project1 -p -- npm start  # Production

Security

• Encryption: Uses NaCl (TweetNaCl) for high-speed, high-security cryptography.
• Key Derivation: Argon2id is used for key derivation from your Master Password.
• Storage: Session keys are stored in secure memory or OS-protected storage where available.

License

ISC