Future proof secrets management

Rot is an open source command line (CLI) tool for managing secrets.

Rot makes encrypting and decrypting secrets easy:

• Generate keys and values using current best encryption
• Easily rekey secrets to the latest encryption standards
• Share your secrets with other users and devices
• One-way encryption for production secrets
• Run commands and scripts with secrets injected via environment variables
• Store your secrets securely in git with human-readable diffs

Visit https://rotx.dev for more information.

Aside from the infamous ROT13 Caeser cipher, cryptographic keys have a tendency to "rot" rather quickly. Frequent use of keys inevitably leads to leakage and/or compromise, and the underlying encryption algorithms may not be secure in the future. Cryptographic material doesn't age well in general.

The code in this repository is licensed under the GNU AGPL. Visit https://rotx.dev/pricing/ to purchase a license exemption.

Our development process is mostly trunk-based with a main branch that folks can contribute to using pull requests. We tag releases as necessary using CalVer.

• ./github: Reusable GitHub Actions
• ./go: Rot code
• ./hugo: Rot website
• ./shell: Development tooling
• ./shared: Shared libraries from https://github.com/candiddev/shared

Make sure you initialize the shared submodule:

git submodule update --init

We use GitHub Actions to lint, test, build, release, and deploy the code. You can view the pipelines in the .github/workflows directory. You should be able to run most workflows locally and validate your code before opening a pull request.

Visit shared/README.md for more information.