A small command-line program that opens a text editor in a disposable in-memory buffer. The moment you save, the text is encrypted and written into a local SQLite vault, so no plain-text ever touches disk.
You can jot down passwords, API keys or sensitive scripts securely with no temp-file worries, no swap-file leaks, no vendor lock-in.
It ships as a SH script that runs on with Bash, SQLite and OpenSSL.
- Vault setup: On first run you pick a master password. vaultcli turns that into a secret key and locks it away, ready to unlock your data later.
- Editing a note: When you add or edit, vaultcli opens its built-in curses editor entirely in memory. What you type lives only in memory (no temp/swap files).
- Saving & storing: On save, vaultcli immediately encrypts your text and drops the encrypted blob into a local SQLite file—no plain text ever touches disk.
- Reading a note: When you open a note, vaultcli asks for your password, unlocks its secret key, decrypts the stored blob in memory, and opens it in your editor again.
- Password changes & upgrades: Changing your password only re-wraps the secret key (instant). If you ever need a stronger cipher, vaultcli can re-encrypt all saved notes in one go.
- sqlite3 (the SQLite command-line utility)
- OpenSSL (for encryption)
- python3 (stdlib only)
- gum (brew install gum or see Gum’s docs)
- A POSIX terminal (for the built-in curses editor)
All dependencies are available on Linux, macOS, and WSL. Install them using your system package manager (apt, brew, pacman, etc.).
./vaultcli.sh --file ~/myvault.sqliteIf the
--fileargument is not passed, you can select the file interactively.