README
¶
vlt-go
A cross-platform terminal-based, fully local password manager written in Go. Secure, simple, and deliberate.
Supports Linux and Windows.
Installation & Setup
Prerequisites
- Go 1.19 or later installed (https://go.dev/dl/)
- Build Tools (required for CGO compilation):
- Linux: Install build-essential
sudo apt update sudo apt install build-essential - Windows: Install GCC (via MinGW-w64 or TDM-GCC)
- MinGW-w64: https://www.mingw-w64.org/downloads/
- TDM-GCC: https://jmeubank.github.io/tdm-gcc/
- Linux: Install build-essential
Install Globally
Method 1: Direct Install (Recommended)
Install vlt_go and vlt_daemon_go directly from GitHub:
Linux:
# Enable CGO and install both binaries
export CGO_ENABLED=1
go install github.com/dvdagreat/vlt-go/cmd/vlt_go@latest
go install github.com/dvdagreat/vlt-go/cmd/vlt_daemon_go@latest
Windows (PowerShell):
# Enable CGO and install both binaries
$env:CGO_ENABLED=1
go install github.com/dvdagreat/vlt-go/cmd/vlt_go@latest
go install github.com/dvdagreat/vlt-go/cmd/vlt_daemon_go@latest
Windows (CMD):
REM Enable CGO and install both binaries
set CGO_ENABLED=1
go install github.com/dvdagreat/vlt-go/cmd/vlt_go@latest
go install github.com/dvdagreat/vlt-go/cmd/vlt_daemon_go@latest
Method 2: Clone and Install
Clone the repository and install locally:
Linux:
# Clone the repository
git clone https://github.com/dvdagreat/vlt-go.git
cd vlt-go
# Enable CGO and install both binaries globally
export CGO_ENABLED=1
go install ./cmd/vlt_go
go install ./cmd/vlt_daemon_go
Windows (PowerShell):
# Clone the repository
git clone https://github.com/dvdagreat/vlt-go.git
cd vlt-go
# Enable CGO and install both binaries globally
$env:CGO_ENABLED=1
go install ./cmd/vlt_go
go install ./cmd/vlt_daemon_go
Windows (CMD):
REM Clone the repository
git clone https://github.com/dvdagreat/vlt-go.git
cd vlt-go
REM Enable CGO and install both binaries globally
set CGO_ENABLED=1
go install ./cmd/vlt_go
go install ./cmd/vlt_daemon_go
The binaries will be installed to $GOPATH/bin/ (or %GOPATH%\bin\ on Windows), which should be in your PATH.
Verify installation:
vlt_go --help
Usage
Adding a credential:
vlt_go pass add
Retrieving a credential to clipboard:
vlt_go pass get
Editing a credential:
vlt_go pass edit
Removing a credential:
vlt_go pass rm
Viewing help and commands:
vlt_go --help
# or for specific commands
vlt_go pass --help
Using the Daemon
If you don't want to type your master password for every command, run the daemon in a dedicated terminal window:
vlt_daemon_go
While running, vlt_go will automatically pull the cached password for 5 minutes (configurable).
Goals
vlt-go is designed to be a universal store for:
- Credentials and passwords
- Access tokens (API keys, OAuth tokens, etc.)
- Security and emergency recovery keys
- Private keys (SSH, etc.)
Essentially, if it can be stored as text, vlt-go can protect it behind a single master password.
Why another password manager?
Most modern solutions (1Password, NordPass, Proton Pass, etc.) are cloud-based and closed-source. While convenient, they introduce specific risks that vlt-go eliminates:
- Cloud Exposure: Cloud-based credentials can technically be accessed from anywhere—even if you don't want them to be.
- Single Point of Failure: Large-scale password SaaS platforms are "honeypots" for hackers; a single breach can expose millions of users.
- Closed Source Lack of Transparency: Proprietary encryption logic lacks public auditability. You have to trust the company is using industry-grade methods.
- True Zero-Knowledge: Many platforms claim zero-knowledge, but they still manage your recovery and account access.
The vlt-go Approach
- Local-First:
vlt-gois fully offline. Your data never leaves your machine. No "Account Compromised" emails, because there is no account—just your local system. - Open Source: The code is transparent and open for community audit. Vulnerabilities can be identified and patched by anyone, free from corporate gatekeeping.
- Strict Zero-Knowledge: Security is enforced locally. If you lose your master password, even the tool cannot recover your data. You are in total control.
Features
- Secure Storage — Add, retrieve, and manage credentials via an intuitive CLI. Data is stored in a locally encrypted SQLite database.
- Master Password Protection — Only one password to remember. The master password is never stored on disk, placing the full weight of security in the user's hands.
- Smart Daemon Tool — The vlt_daemon_go caches your master password in memory for 5 minutes, balancing high security with developer productivity. Uses Unix sockets on Linux/macOS and Named Pipes on Windows for secure inter-process communication.
- Lightweight & Native — No GUI bloat or heavy external dependencies. Built for speed and shell integration.
- Hardened Security — Utilizes the Argon2 hashing algorithm for robust key derivation, ensuring your data is protected by industry-standard cryptography.
- Cross-Platform — Works seamlessly on Linux and Windows with platform-specific optimizations.
Downsides of using vlt-go
- (accessibility) You lose the ability to access your passwords across machines.
- (accessibility) You can't use Autofill (...yet!)
- (human psychology) You need to be careful against social engineering by hackers. If they get your master password then they can access all your passwords.
- (accessibility) If you forget your master password, there is no way to restore your password due to zero knowledge architecture.
Architecture
The project is structured into multiple packages:
- cmd/vlt_go: Main CLI application
- cmd/vlt_daemon_go: Background daemon for credential caching
- pkg/crypto: Encryption and key derivation (AES-256-GCM, Argon2)
- pkg/storage: SQLite-based persistent storage
- pkg/daemon: Daemon server implementation
- internal/cli: CLI command handlers
- internal/utils: Utility functions
Security
- Encryption: AES-256-GCM
- Key Derivation: Argon2id with configurable parameters
- Password Hashing: Argon2id with salt
- Session Management: In-memory caching with 5-minute timeout
License
MIT License - see LICENSE file for details.
Credits
This is a Go port of vlt-rs, the original Rust implementation.
Directories
Click to show internal directories.
Click to hide internal directories.