Skip to content

foxhackerzdevs/fox-vault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.github/workflows
.github/workflows
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

🦊 fox-vault

Simple. Practical. Reliable.

Release Go Report Card License: MIT

📌 Introduction

fox-vault is a minimalist CLI tool for file encryption using modern cryptography.

No complex configurations. No cloud sync. Just secure, local encryption.

❓ Why fox-vault?

  • No insecure modes or configuration footguns
  • No external dependencies or services
  • Uses modern, audited cryptographic primitives
  • Designed for local, deliberate workflows

✨ Features

  • Hard to Misuse: XChaCha20-Poly1305 + Argon2id
  • Tamper Evident: AEAD prevents silent corruption
  • Memory Safe: Best-effort zeroing of sensitive data
  • Zero Config: Single static binary
  • Safe Defaults: Refuses to overwrite files
  • Flexible Decryption: Safe (unlock) and destructive (burn) modes

📦 Installation

Pre-built Binaries

👉 https://github.com/foxhackerzdevs/fox-vault/releases

Verify Checksums

sha256sum -c fox-v1.0.1-linux-amd64.sha256

Install via Go

go install github.com/foxhackerzdevs/fox-vault@latest

Build Locally

git clone https://github.com/foxhackerzdevs/fox-vault
cd fox-vault
go build -trimpath -ldflags="-s -w" -o fox main.go

🛠 Usage

🔐 Encrypt

./fox -m lock -f secret.txt

Creates:

secret.txt.fox

🔓 Decrypt (safe)

./fox -m unlock -f secret.txt.fox
  • Prints decrypted content to stdout
  • Does NOT delete the file

Recommended:

./fox -m unlock -f file.fox | less
./fox -m unlock -f file.fox > output.txt

🔥 Decrypt + Delete (burn)

./fox -m burn -f secret.txt.fox
  • Decrypts file
  • Prints content
  • Prompts before deletion
  • Deletes encrypted file after confirmation

⚠️ This operation is destructive

📦 Version

./fox -v

📦 Exit Codes

  • 0 Success
  • 1 General error
  • 2 Invalid arguments
  • 3 Decryption failed

🔒 Security Specs

  • KDF: Argon2id (Time=3, Memory=256MB, Threads=4)
  • Encryption: XChaCha20-Poly1305
  • Nonce: 24 bytes

File Format:

[1-byte Version][16-byte Salt][24-byte Nonce][Ciphertext]
  • Password Input: Secure terminal input
  • File Permissions: 0600

⚠️ What fox-vault is NOT

  • Not for plausible deniability
  • Not for hiding filenames
  • Not for very large files (RAM-bound, recommended <1GB)
  • Not a password manager
  • No password recovery — lost password = lost data

⚠️ Secure Deletion Warning

The burn mode uses overwrite + delete.

❗ On SSDs and modern filesystems, secure deletion is not guaranteed.

🏗 Building from Source

go mod tidy
go build -trimpath -ldflags="-s -w -X main.version=dev" -o fox main.go

🔁 Reproducible Builds

Uses:

  • -trimpath
  • stripped binaries (-s -w)

🗺 Roadmap

  • Replace burn with --delete flag
  • Streaming support (>1GB files)
  • Output file support (-o output.txt)

⚖️ License

MIT License — see LICENSE

⚠️ Disclaimer

This software is provided "as is".

  • No warranty
  • No recovery
  • No guarantees

You are responsible for your data and passwords.

👥 Contributors

Built by https://github.com/foxhackerzdevs Pull requests welcome.

About

A minimalist, zero-config file encryption utility. Simple, practical, and hard to misuse.

foxhackerzdevs.github.io/fox-vault/

Topics

cli golang encryption cybersecurity minimalist security-tools foxhackerzdevs

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v1.0.1 Latest
Apr 27, 2026
+ 1 release

Packages

 
 
 

Contributors

Languages