
ratmist/sshvault


                      ███████╗███████╗██╗  ██╗██╗   ██╗ █████╗ ██╗   ██╗██╗  ████████╗
                      ██╔════╝██╔════╝██║  ██║██║   ██║██╔══██╗██║   ██║██║  ╚══██╔══╝
                      ███████╗███████╗███████║██║   ██║███████║██║   ██║██║     ██║ 
                      ╚════██║╚════██║██╔══██║██║   ██║██╔══██║██║   ██║██║     ██║
                      ███████║███████║██║  ██║╚██████╔╝██║  ██║╚██████╔╝███████╗██║
                      ╚══════╝╚══════╝╚═╝  ╚═╝ ╚═════╝ ╚═╝  ╚═╝ ╚═════╝ ╚══════╝╚═╝

Overview

SSHVAULT is a command-line utility for securely storing and managing SSH access credentials, with local encryption and an interactive shell mode. The project is aimed at personal use, lab environments and servers where centralized management of SSH accounts is needed without handing secrets to third parties.

Key Features

  • Client-side encryption (master password)
  • Encrypted local vault
  • Interactive shell mode (unlock once per session)
  • SSH connections via Paramiko
  • Add / edit / delete SSH credentials

Installation

pipx install git+https://github.com/ratmist/sshvault.git

Usage

Initialize vault

sshvault init

Add new service

sshvault add

You will be prompted for the following fields:

  • service name
  • host
  • port
  • username
  • password

Connect to service

sshvault connect <service_name>

Establishes an SSH connection using stored credentials.

Edit service

sshvault edit <service_name>

Allows updating the username and/or password for an existing service.

Interactive shell mode

sshvault shell

Unlocks the vault once and allows executing multiple commands within a single session.

Security model

SSHVAULT is built around a zero-knowledge architecture:

  • The master password is never stored
  • Encryption keys are derived at runtime only
  • Vault data is decrypted in memory only for the lifetime of the process
  • Losing the master password results in permanent data loss (by design)

This behavior is intentional and explicitly documented.

Cryptography

The following cryptographic primitives and libraries are used:

Argon2id

Used for key derivation from the master password to resist brute-force and GPU-based attacks.

AES-GCM

Used for encrypting the vault file, providing both confidentiality and integrity.

Paramiko

Used for establishing SSH connections and interactive shell access from Python.

Vault architecture

  • Vault is stored locally in the user home directory: ~/.sshvault/
  • Vault data is stored in encrypted binary form
  • A unique salt is generated during initialization
  • All cryptographic operations are performed locally
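
The key derivation and vault encryption described in the Cryptography and Vault architecture sections, as an added example that is not SSHVAULT's own code. It assumes the argon2-cffi and cryptography packages, a hypothetical file layout (marker, salt, nonce, ciphertext with tag), a JSON payload, illustrative Argon2id cost parameters and hypothetical function names.

```python
import json
import os

from argon2.low_level import Type, hash_secret_raw  # argon2-cffi (assumed library)
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"SVLT1"  # hypothetical file marker, authenticated as AAD
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HEADER_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def derive_key(password: str, salt: bytes) -> bytes:
    """Argon2id: master password + per-vault salt -> 256-bit AES key."""
    return hash_secret_raw(
        secret=password.encode("utf-8"), salt=salt,
        time_cost=3, memory_cost=64 * 1024, parallelism=4,  # assumed costs (64 MiB)
        hash_len=32, type=Type.ID,
    )


def seal(password: str, salt: bytes, entries: dict) -> bytes:
    """Encrypt the whole vault; the salt is fixed at init, the nonce is fresh per write."""
    nonce = os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    plaintext = json.dumps(entries).encode("utf-8")
    return header + AESGCM(derive_key(password, salt)).encrypt(nonce, plaintext, header)


def unseal(password: str, blob: bytes) -> dict:
    """Decrypt in memory only; InvalidTag means wrong password or modified file."""
    if len(blob) < HEADER_LEN + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a vault file")
    header, ciphertext = blob[:HEADER_LEN], blob[HEADER_LEN:]
    key = derive_key(password, header[len(MAGIC):len(MAGIC) + SALT_LEN])
    return json.loads(AESGCM(key).decrypt(header[-NONCE_LEN:], ciphertext, header))


def is_rejected(password: str, blob: bytes) -> bool:
    """True when GCM authentication fails instead of returning plaintext."""
    try:
        unseal(password, blob)
    except InvalidTag:
        return True
    return False


# Constructed sample entry (documentation address range, not real credentials).
SAMPLE = {"lab-box": {"host": "192.0.2.10", "port": 22, "username": "ops", "password": "example-only"}}
```

A wrong master password and a modified vault file fail the same way (InvalidTag), which is why a lost master password cannot be recovered.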
