A CLI tool that protects sensitive developer secrets using AES-256 encryption, filesystem immutability, and time-based "human-in-the-loop" authentication.
Secrets bypass stdout. Direct memory-to-clipboard (`xsel`) pipeline ensures no logs retain your keys.
Kernel-level file locking via `chattr +i`. Even root cannot delete the vault without specific unlocking procedures.
Passwords rotate every 60 seconds based on a mental algorithm. Replay attacks are mathematically impossible after T+1m.
Anti-scripting defense. Requires random hex-code verification to prove operator presence.
Lazy enough to set this up?? We got you. Lemme take care of you bbgl.
The most secure method of using Chronolock is to download and run the script.
Just copy this section, navigate to your preferred directory in your terminal, paste and run.
Modify the keys.json file with your base-password and secrets.
You can use custom keys for your secrets inside the nested secret part of the keys.json
You can run chronolock natively from any path in your terminal.
Run the tool as a normal user. The process has three distinct security phases.
You must calculate the password mentally.
Format: [BasePassword][Day][MonthInitial][HHMM]
If your base-password is MySecret and since the current time is LOADING...:
If the password is correct, the tool copies a random Hex Code (e.g., a1b2c3d4) to your clipboard.
Secret:Ctrl+V (Paste) back into the terminal, add [WeekdayInitial][Day], paste it again and hit Enter.If the Hex Code is a1b2c3d4 and today is LOADING...:
A menu listing your keys will appear. Type the number of the secret you want. It will be silently copied to your clipboard.
ChronoLock is built for a specific threat model: Local Malware and Shoulder Surfing.
Malware: A script running on your PC (e.g., a bad npm package) tries to grab AWS_SECRET from env vars. It fails because it cannot "guess" the time-algorithm or your base password.
Snooping: Someone looking at your screen sees you type a password. Ten minutes later, they try to type the same password. It fails.
The time component is not the secret; it is a Salt. Security relies entirely on the Secret Key (your Base Password). If someone knows your Base Password, the system is broken regardless of the time component.