ompatil-15/coconut

Coconut

A secure, local-first CLI password manager with Zero Knowledge Architecture.

Why Coconut?

Coconut is a zero-knowledge, local-first CLI password manager built for software engineers who prefer the terminal. Secure, fast, and fully under your control. No cloud, no tracking, no compromises.

Key Features:

  • Zero Knowledge Architecture - Your master password never leaves your device
  • Local-first - All data stays on your machine, no cloud sync
  • Strong encryption - AES-256-GCM with Argon2id key derivation
  • Simple CLI - Quick access without context switching

Installation

Via Homebrew (Recommended)

brew install ompatil-15/coconut/coconut

From Source

git clone https://github.com/ompatil-15/coconut.git
cd coconut
make build

Requirements: Go 1.25.3 or higher

Quick Start

# Initialize your vault
coconut init

# Add a password
coconut add -u myusername -p mypassword

# Generate a strong password
coconut generate

# List all passwords
coconut list

# Get a password
coconut get 1

Usage

Vault Management

coconut init      # Create a new vault
coconut unlock    # Start a session
coconut lock      # End session

Password Management

coconut add -u <username> -p <password>     # Add password
coconut list                                # List all
coconut get <index>                         # Get password
coconut update <index> -u <user> -p <pass>  # Update
coconut delete <index>                      # Delete

Utilities

coconut generate    # Generate strong password
coconut config      # View/modify settings

Security

Coconut implements true Zero Knowledge Architecture:

  • Master password never stored - Only a random salt is kept
  • Argon2id key derivation - Memory-hard algorithm resistant to GPU attacks
  • AES-256-GCM encryption - Industry-standard authenticated encryption
  • Memory safety - Keys are zeroed when vault locks

Security vs Usability: The autoLockSecs setting controls the session timeout (default: 300 seconds).

Learn more: Security Architecture | Design Decisions

Documentation

Configuration

  • autoLockSecs = 0: Maximum security - no session caching, password required for every operation
  • autoLockSecs > 0: Session timeout in seconds (default: 300)
  • Lower timeout values provide better security with more frequent password prompts
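
The autoLockSecs behaviour listed above, combined with the "keys are zeroed when vault locks" property from the Security section, sketched as an added Go example. It is not Coconut's own code: the Session type, its fields and ErrLocked are hypothetical names, and the key bytes are a constructed sample.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrLocked = errors.New("vault locked") // master password needed again

// Session is a hypothetical in-memory holder for the derived vault key.
type Session struct {
	key      []byte
	expires  time.Time
	autoLock time.Duration    // autoLockSecs as a duration
	now      func() time.Time // injectable clock so expiry is testable
}

// Unlock takes ownership of key; with autoLockSecs = 0 it is wiped at once.
func (s *Session) Unlock(key []byte) {
	s.Lock() // wipe any previously cached key
	s.key, s.expires = key, s.now().Add(s.autoLock)
	if s.autoLock <= 0 {
		s.Lock()
	}
}

// Key returns the cached key, or wipes it and fails once the timeout passed.
func (s *Session) Key() ([]byte, error) {
	if s.key == nil || !s.now().Before(s.expires) {
		s.Lock()
		return nil, ErrLocked
	}
	return s.key, nil // callers must not retain this slice
}

// Lock overwrites the key bytes with zeros before dropping the reference.
func (s *Session) Lock() {
	for i := range s.key {
		s.key[i] = 0
	}
	s.key = nil
}

func main() {
	s := &Session{autoLock: 300 * time.Second, now: time.Now}
	s.Unlock([]byte("constructed-sample-key-32-bytes!")) // constructed sample key
	_, err := s.Key()
	fmt.Println("key available within timeout:", err == nil)
}
```

Because Unlock takes ownership of the slice, the wipe in Lock clears the only copy the caller handed over; any copy made elsewhere has to be zeroed by whoever made it.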

Data Storage

  • Database: ~/.coconut/coconut.db
  • Logs: ~/.coconut/logs/coconut.log

Contributing

Contributions welcome! See DEVELOPMENT.md for setup instructions.

# Development workflow
make build      # Build and install
make logs       # View logs
make clear_db   # Clear database
make db_dump    # Dump database

License

Licensed under the Apache License, Version 2.0 - see LICENSE file for details.

Author


Remember: Your master password is the key to all your secrets. Choose wisely, and never share it!
