Home

Ironclad is a command line utility for creating and managing encrypted password databases.

Downloads

Usage

Run ironclad --help to view the command line help:

Usage: ironclad [command]

  A utility for creating and managing encrypted password
  databases.

Flags:
  -h, --help        Print the application's help text.
  -v, --version     Print the application's version number.

Basic Commands:
  add               Add a new entry to a database.
  edit              Edit an existing database entry.
  gen               Generate a new random password.
  go                Open an entry's URL.
  init              Initialize a new password database.
  list              List database entries.
  pass              Copy a password to the clipboard.
  retire            Mark one or more entries as inactive.
  show              Show entry content.
  url               Copy a url to the clipboard.
  user              Copy a username to the clipboard.

Additional Commands:
  config            Set or print a configuration option.
  decrypt           Decrypt a file.
  dump              Dump a database's JSON data store.
  encrypt           Encrypt a file.
  export            Export entries from a database.
  import            Import entries into a database.
  purge             Purge inactive entries from a database.
  restore           Restore inactive entries.
  setcachepass      Change a database's cache password.
  setmasterpass     Change a database's master password.
  tags              List database tags.

Aliases:
  new               Alias for 'add'.

Command Help:
  help <command>    Print a command's help text.

Run ironclad help <command> to view the help text for a specific command.

The quickstart guide is a short tutorial for first-time users.

Source Code

Ironclad is written in Go. If you have a Go compiler installed you can run:

go install github.com/dmulholl/ironclad/cmd/ironclad@latest

This will download, compile, and install the latest version of the application to your $GOPATH/bin directory.

You can find the source files on Github.

Security

Database files are encrypted using industry-standard cryptography.

Data is encrypted using 256-bit AES in CBC mode.
Padding is performed using the PKCS #7 padding scheme.
Authentication is performed using HMAC-SHA-256.
Encryption keys are generated using 100,000 rounds of the PBKDF2 key derivation algorithm with an SHA-256 hash.

Encrypted files have no special markers and are indistinguishable from random data.

File Encryption

The application doubles as a simple file encryption utility using the encrypt and decrypt commands. Files are encrypted using the same 256-bit AES protocol as password databases. Original files are unaffected by either encryption or decryption.

License

Zero-Clause BSD (0BSD).