How do I backup my identity files (SSH/GPG) without compromising them?
Source: Dev.to
The Story: Paranoia & SSH Keys 🔑
I have a specific paranoia: losing my SSH and GPG keys.
If my laptop dies today, I lose access to my servers, my GitHub signing capabilities, and my encrypted backups. But backing them up is terrifying.
- Copying
id_rsato a USB drive feels risky (what if I lose the drive?). - Uploading
~/.sshto Google Drive or Dropbox feels like a security nightmare.
I wanted a middle ground—a “digital safety deposit box.” I wanted to lock my most sensitive keys inside a folder that is mathematically impossible to open without my password, and then feel safe uploading that encrypted blob to the cloud.
That is why I built Vaultix. It wasn’t just for “secrets” in general—it was specifically designed to be the safest transport layer for my digital identity.
What is Vaultix? 🛡️
Vaultix is a cross‑platform command‑line tool written in Go. It manages password‑protected encrypted folders locally on your machine.
Design goals
- Simple – No complex key management. Just a password.
- Secure – AES‑256‑GCM encryption with Argon2id key derivation.
- Invisible – Even the filenames inside the vault are encrypted.
The “Cool” Features
I didn’t just want encryption; I wanted a good Developer Experience (DX). Here’s what makes Vaultix fun to use:
1. Fuzzy Matching 🪄
I hate typing long filenames. If you have a file named super_secret_aws_keys_v2.json, you don’t need to type the whole thing:
# This works!
vaultix extract awsVaultix finds the best match and extracts it.
2. Zero Metadata Leaks 🕵️
If someone steals your laptop and finds your vault, they won’t even know what you are hiding. Vaultix encrypts the file contents and the filenames. A file named passwords.txt becomes a random string like 3f9a2c1d.enc on disk.
3. Drop & Go 🗑️
Need to use a file once and then destroy it? Use the drop command. It decrypts the file for you to use, and immediately removes it from the secure vault:
vaultix drop api_keysUsing Vaultix to Sleep Better at Night
I back up my SSH keys in three commands:
# 1. Create a secure vault
mkdir my_identity_backup
cd my_identity_backup
vaultix init
# 2. Add the sensitive keys
cp ~/.ssh/id_ed25519 .
cp ~/.gnupg/private-keys-v1.d/* .
vaultix add id_ed25519
# 3. Verify and sync
vaultix list
# Now I can zip this 'my_identity_backup' folder
# and upload it to Google Drive without fear.How It Works (The Techy Stuff) 🤓
For the security nerds out there (like me), here’s the architecture. I followed the Golden Rule: Don’t Roll Your Own Crypto.
| Component | Details |
|---|---|
| Language | Go (1.21+) |
| Encryption | AES‑256‑GCM (authenticated encryption) |
| Key Derivation | Argon2id (resistant to GPU cracking) |
| Storage | All data lives in a hidden .vaultix/ folder in your directory |
| Password handling | Vaultix never stores your password; it exists only in memory while the program runs. If you lose the password, the data is gone forever (feature, not a bug). |
Quick Start
Grab the binary for Windows, macOS, or Linux from the Releases page, or build it from source if you have Go installed:
go install github.com/zayan-mohamed/vaultix@latestInitialize a vault
cd my_secrets
vaultix init
# Enter a strong password...Add a file
vaultix add .envList your secure files
vaultix list
# Files in vault:
# .envThat’s it. Your .env file is now encrypted at rest.
Why Go? 🐹
I chose Go because I wanted a single static binary with zero dependencies. Users don’t need to install Python, Node, or OpenSSL libraries just to decrypt their files. You download vaultix, and it just works.
Give It a Try!
I’m looking for feedback, contributors, and security enthusiasts to break it (or fix it).
💻 GitHub:
Repository: Zayan-Mohamed/vaultix – a cross‑platform CLI tool for managing password‑protected encrypted folders.
Encrypted folders
- Uses AES‑256‑GCM encryption with Argon2id key derivation.
- Single binary, zero dependencies.
- Works on Linux, macOS, and Windows.
vaultix
A cross‑platform command‑line tool for managing password‑protected encrypted folders
Features •
Installation •
Quick Start •
Documentation •
Security •
Contributing
📖 Overview
vaultix is a secure, lightweight CLI tool that encrypts files in‑place using military‑grade cryptography. No cloud, no services, no complexity—just strong encryption for your sensitive files.
Key Highlights
- 🔒 Strong Encryption – AES‑256‑GCM with Argon2id key derivation
- 🚀 Zero Dependencies – Single static binary, no runtime requirements
- 💻 Cross‑Platform – Works on Linux, macOS, and Windows
- 🎯 Simple UX – Intuitive commands with smart defaults
- 🔐 No Password Storage – Passwords exist only in memory
- 📦 Portable – Encrypted vaults are interchangeable across all platforms
✨ Features
- ✅ Automatic Encryption – Initialize a vault and all files are encrypted instantly.
- ✅ Fuzzy File Matching – No need to type exact filenames.
- ✅ Default to Current Directory – Less typing, more doing.
- ✅ Extract or Drop – Extract…
📄 Docs:
If you find it useful, drop a ⭐ on the repo—it helps a lot!
Disclaimer: While I used industry‑standard libraries, always keep backups of your important data!