Future proof secrets management
Rot is an open source command line (CLI) tool for managing cryptographic values.
Rot makes cryptography easy:
- Generate keys and values using current best encryption
- Rekey encrypted values to the latest encryption standards
- Share your encrypted values with other users and devices
- One-way encryption for zero-knowledge secrets
- Run commands and scripts with encrypted values injected via environment variables
- Store your encrypted values securely in git with human-readable diffs
- Generate and view X.509 certificates and Certificate Authorities
- Generate and view JWTs
- Generate and verify signatures
- Generate SSH keys and certificates
Visit https://rotx.dev for more information.
Aside from the infamous ROT13 Caeser cipher, cryptographic keys have a tendency to "rot" rather quickly. Frequent use of keys inevitably leads to leakage and/or compromise, and the underlying encryption algorithms may not be secure in the future. Cryptographic material doesn't age well in general.
The code in this repository is licensed under the GNU AGPL. Visit https://rotx.dev/pricing/ to purchase a license exemption.
Our development process is mostly trunk-based with a main branch that folks can contribute to using pull requests. We tag releases as necessary using CalVer.
./github:Reusable GitHub Actions./go:Rot code./hugo:Rot website./shell:Development tooling./shared:Shared libraries from https://github.com/candiddev/shared
Make sure you initialize the shared submodule:
git submodule update --initWe use GitHub Actions to lint, test, build, release, and deploy the code. You can view the pipelines in the .github/workflows directory. You should be able to run most workflows locally and validate your code before opening a pull request.
Visit shared/README.md for more information.