Hi HN,
I built a small tool called Keepr, a command-line password manager designed for developers who prefer keeping sensitive credentials local, simple, and scriptable.
I work with a lot of API keys, tokens, service passwords, and internal tooling secrets. I always found it frustrating to manage them securely without leaving the terminal or relying on a cloud service. Keepr came out of that pain — it’s a local-only, encryption-first workflow that lives entirely on your machine.
*What it does*
Keepr stores all secrets in an encrypted SQLite database (SQLCipher), protected by a master password. It provides a set of CLI commands for adding, viewing, updating, searching, and deleting entries. A time-limited session keeps the vault unlocked while you work, so repeated decryptions aren’t required.
*How it works (technical overview)*
- Encryption: SQLCipher with AES-256
- Key derivation: PBKDF2-HMAC-SHA256, 1.2M iterations
- Key handling:
  - Master Password → derives a Key Encryption Key (KEK)
  - KEK decrypts the stored Primary Encryption Key (PEK)
  - PEK encrypts the entire vault
- Session management: an encrypted, time-bound session file avoids repeatedly prompting for the master password
- Clipboard support: for quick password retrieval
- No network: Keepr never touches the internet; all data stays local
*Why I built it*
I wanted:
- something simpler than a full GUI password manager
- something safer than plaintext dotfiles or ad-hoc scripts
- something faster than browser extensions
- and something developer-friendly that fits into terminal workflows
I couldn’t find a tool that hit all of those, so I made one.
*What’s included*
- add, view, list, update, delete, search
- master password setup & rotation
- encrypted key storage
- secure password generator
- high-contrast CLI output
- installation via pip or standalone binaries
*What’s missing / limitations*
Keepr is early-stage and still evolving. Some things on the roadmap:
- configuration options (session duration, color scheme, generator settings)
- shell autocompletion
- export/import utilities
- Two factor auth
It’s also worth noting: Keepr is intentionally not designed to sync across devices — it’s purely local and focused on simplicity.
*Links*
GitHub: https://github.com/bsamarji/Keepr
PyPI: https://pypi.org/project/Keepr/
I’d appreciate feedback, critiques, or security questions — especially around key management, defaults, and potential attack surfaces. I’ve already learned a lot from building it, and I’m very open to improvements.
Thanks for taking a look!
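
The key hierarchy described in the post (master password → KEK → PEK), as an added example that is not Keepr's code: it shows why rotating the master password only re-wraps the PEK and never re-encrypts the vault. The post does not say how the PEK is wrapped, so this sketch assumes a stdlib HMAC-SHA256 encrypt-then-MAC stand-in where a real tool would use an AEAD such as AES-GCM; the function names and blob layout are hypothetical.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 1_200_000  # PBKDF2-HMAC-SHA256 iteration count stated in the post

def derive_kek(password: str, salt: bytes, iterations: int) -> bytes:
    """Master password -> Key Encryption Key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def _subkey(kek: bytes, label: bytes) -> bytes:
    # Independent encryption and authentication keys, both derived from the KEK.
    return hmac.new(kek, label, hashlib.sha256).digest()

def _xor_pad(kek: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): one HMAC output block masks the 32-byte PEK.
    pad = hmac.new(_subkey(kek, b"enc"), nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def _tag(kek: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()

def wrap_pek(pek: bytes, password: str, iterations: int = ITERATIONS) -> dict:
    """Encrypt the Primary Encryption Key (PEK) under a password-derived KEK."""
    if len(pek) != 32:
        raise ValueError("PEK must be 32 bytes")
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)  # fresh per wrap
    kek = derive_kek(password, salt, iterations)
    ct = _xor_pad(kek, nonce, pek)
    return {"salt": salt, "nonce": nonce, "iterations": iterations,
            "ct": ct, "tag": _tag(kek, nonce, ct)}

def unwrap_pek(blob: dict, password: str) -> bytes:
    """Recover the PEK; a wrong password or modified blob fails the tag check."""
    kek = derive_kek(password, blob["salt"], blob["iterations"])
    if not hmac.compare_digest(_tag(kek, blob["nonce"], blob["ct"]), blob["tag"]):
        raise ValueError("wrong master password or tampered key blob")
    return _xor_pad(kek, blob["nonce"], blob["ct"])

def rotate_master_password(blob: dict, old: str, new: str) -> dict:
    # Only the wrapped PEK changes; data encrypted under the PEK is untouched.
    return wrap_pek(unwrap_pek(blob, old), new, blob["iterations"])
```

Because the PEK itself never changes on rotation, anyone who kept a copy of the old wrapped blob and knows the old master password can still unlock the vault; closing that gap requires generating a new PEK and re-encrypting the vault under it.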