AgniVault is a cybersecurity-focused, systems-level CLI tool that encrypts, stores, opens, and manages entire development projects locally.
All decrypted data exists only in RAM (/dev/shm/agnivault/), ensuring zero plaintext on disk.
Built in C++20 using libsodium, yaml-cpp, and SQLite.
AgniVault provides a secure local vault for storing entire project directories. It is designed for developers who want:
- Local encryption
- Offline privacy
- Fast RAM-based workspaces
- Developer-centric CLI commands
- Zero plaintext on disk
AgniVault uses identity metadata (name + email) only for authenticity tagging, not encryption. Identity must match to open a project, but it is not part of any key.
All persistent data is stored under:
~/.config/agnivault/
├── VaultCode (master key)
├── agnivault.db (SQLite metadata)
└── config.yaml (identity for authenticity checks)
Decrypted project files exist only here:
/dev/shm/agnivault/<project_name>/
- 🔐 Strong encryption using libsodium (XChaCha20-Poly1305)
- 🧾 Identity-based authenticity tags, not encryption keys
- ⚡ RAM-only decrypted workspace
- 🗄️ SQLite-backed metadata system
- 🛠️ Full CLI for project lifecycle management
- 📁 Handles entire project directories, not just secrets
- 🧩 YAML configuration via yaml-cpp
- 🛑 Zero plaintext ever touches disk
- C++20 compiler (g++ ≥ 11 / clang ≥ 12)
- libsodium
- yaml-cpp
- sqlite3
- make
Debian / Ubuntu
sudo apt install libsodium-dev libyaml-cpp-dev libsqlite3-dev build-essential
Arch Linux
sudo pacman -S libsodium yaml-cpp sqlite base-devel
git clone https://github.com/<you>/AgniVault
cd AgniVault
make # debug build
make PROD=1 # production build
Output:
bin/agniv
Location:
~/.config/agnivault/config.yaml
Example:
name: "Your Name"
email: "your@email.com"
Identity is embedded into AEAD associated data (AAD):
- ❌ Does not encrypt the file
- ✔️ Prevents decryption if identity mismatches
- ✔️ Acts as authenticity + integrity check
agniv init <project_name>
Create a new project.
agniv update <old_name> <new_name>
Rename an existing project.
agniv list [project_name]
List all projects or show metadata.
agniv open <project_name>
Decrypt project into /dev/shm/agnivault/<project>.
agniv view
View open projects (upcoming).
agniv close <project_name>
Securely clear the RAM workspace.
agniv gen-key
Generate a new master key (VaultCode).
agniv config <options>
Show or modify config.yaml.
agniv init myproject
agniv open myproject
Files appear here:
/dev/shm/agnivault/myproject/
agniv close myproject
RAM data is securely wiped.
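An added example, not part of AgniVault: a POSIX shell audit of the storage layout this README describes, checking the 700/600 modes on ~/.config/agnivault/ and VaultCode and whether swap could carry /dev/shm pages to disk. The function names are hypothetical, and it assumes GNU stat and a Linux /proc/swaps.

```shell
#!/bin/sh
# Added example (not AgniVault code). Function names are hypothetical;
# the paths and the 700/600 modes are the ones this README gives.

mode_of()  { stat -c '%a' "$1"; }   # octal permission bits (GNU stat)
owner_of() { stat -c '%u' "$1"; }   # numeric owner uid (GNU stat)

# audit_vault DIR: print one finding per line; return 0 only if clean.
audit_vault() {
    dir=$1; key=$dir/VaultCode; bad=0
    if [ ! -d "$dir" ]; then echo "missing directory: $dir"; return 1; fi
    if [ "$(mode_of "$dir")" != 700 ]; then
        echo "directory mode $(mode_of "$dir"), expected 700: $dir"; bad=1
    fi
    if [ -L "$key" ]; then
        echo "master key is a symlink: $key"; bad=1
    elif [ ! -f "$key" ]; then
        echo "master key missing: $key"; bad=1
    else
        if [ "$(mode_of "$key")" != 600 ]; then
            echo "master key mode $(mode_of "$key"), expected 600: $key"; bad=1
        fi
        if [ "$(owner_of "$key")" != "$(id -u)" ]; then
            echo "master key not owned by current user: $key"; bad=1
        fi
    fi
    return "$bad"
}

# swap_active [FILE]: true if the swaps table (default /proc/swaps) lists
# any device. tmpfs pages, including /dev/shm, can be paged out to swap.
swap_active() {
    awk 'NR > 1 && NF { n++ } END { exit (n ? 0 : 1) }' "${1:-/proc/swaps}" 2>/dev/null
}

# audit_workspace [ROOT] [SWAPS]: check where decrypted files will live.
audit_workspace() {
    root=${1:-/dev/shm}; bad=0
    fstype=$(stat -f -c '%T' "$root" 2>/dev/null || echo unknown)
    if [ "$fstype" != tmpfs ]; then
        echo "workspace root $root is on $fstype, not tmpfs"; bad=1
    fi
    if swap_active "${2:-/proc/swaps}"; then
        echo "swap is enabled: tmpfs pages may be written to the swap device"; bad=1
    fi
    return "$bad"
}
```

Run `audit_vault ~/.config/agnivault` and `audit_workspace` after sourcing the file; each prints its findings and returns non-zero if there are any.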
- Decrypted files exist only in RAM (/dev/shm)
- Identity is used only for authenticity, not encryption
- Losing the master key = permanent data loss
- /dev/shm clears automatically on reboot
- Keep permissions secure:
chmod 600 ~/.config/agnivault/VaultCode
chmod 700 ~/.config/agnivault/
- Implement agniv view
- Key rotation
- Project import/export
- FUSE-based filesystem view
- Sandboxed execution environment
- CLI plugin system
- Auto-encrypt on save
- Extended metadata & tagging
This project is licensed under the GNU General Public License (GPL).