Commit 873287a

update README and CHANGELOG
1 parent 55e26fe commit 873287a

2 files changed

+37
-22
lines changed

CHANGELOG.md

Lines changed: 9 additions & 1 deletion
@@ -1,6 +1,6 @@
11
# Changelog
22

3-
## 0.2 (2025-09-04)
3+
## 0.2 (2025-09-09)
44

55
**Encrypted user secrets**
66
- `init-user` now generates a passphrase-encrypted keypair (saved as `user-secret.age.enc`).
@@ -10,6 +10,14 @@
1010
Existing unencrypted keypairs continue to work; migration is optional.
1111
- Show a warning when an unencrypted keypair (`user-secret.age`) is used.
1212

13+
**Migration from v0.1 (unencrypted user secrets):**
14+
If you have an existing `user-secret.age` file from v0.1, you can continue using it as-is (you'll see a warning). To migrate to encrypted user secrets for better security:
15+
1. Run `./age-store.py migrate encrypt-user-secret`
16+
2. Enter a strong passphrase when prompted
17+
3. Your plaintext `user-secret.age` will be encrypted and saved as `user-secret.age.enc`
18+
4. The original plaintext file will be deleted
19+
5. Future operations will prompt for your passphrase
20+
1321
**Other changes**
1422
- Add `doctor` command to run health checks.
1523
- Support encrypting and decrypting binary files.
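
Review bot: Step 4 of the migration list ("The original plaintext file will be deleted") does not say that the deletion happens only after `user-secret.age.enc` has been written successfully, and none of the steps tell the user what happens if the passphrase from step 2 is forgotten. Suggest stating the ordering explicitly and adding a line on recovery (or the lack of it). It is also worth a reminder that copies of `user-secret.age` in backups or other locations are not touched by the migration and stay unencrypted.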

README.md

Lines changed: 28 additions & 21 deletions
@@ -1,5 +1,7 @@
11
# Age Store
22

3+
> **📋 See [CHANGELOG.md](CHANGELOG.md) for version history and migration instructions**
4+
35
A simple, secure secret management system built on the proven [age encryption](https://age-encryption.org/) standard. Age Store makes it easy to share encrypted files across teams using familiar command-line tools.
46

57
## Why Age Store?
@@ -24,10 +26,10 @@ chmod +x age-store.py
2426
./age-store.py admin bootstrap myusername
2527

2628
# 4. Add your first secret
27-
./age-store.py add-file my-secret-file
29+
./age-store.py add my-secret-file
2830

2931
# 5. View it anytime
30-
./age-store.py view-file my-secret-file
32+
./age-store.py view my-secret-file
3133
```
3234

3335
That's it! Your secrets are now encrypted and ready to share with your team.
@@ -41,12 +43,12 @@ That's it! Your secrets are now encrypted and ready to share with your team.
4143

4244
```bash
4345
# Add any file to the encrypted store
44-
./age-store.py add-file config.json
45-
./age-store.py add-file .env
46+
./age-store.py add config.json
47+
./age-store.py add .env
4648

4749
# View files instantly
48-
./age-store.py view-file config.json
49-
./age-store.py list-files
50+
./age-store.py view config.json
51+
./age-store.py ls
5052

5153
# Share access with teammates
5254
./age-store.py admin add-user alice age1abc123...
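
Review bot: The examples here switch from `add-file`, `view-file` and `list-files` to `add`, `view` and `ls`, but nothing in the README text says whether the old names are still accepted, and the CHANGELOG hunks in this commit do not add a note about the rename. If the old names were removed, scripts calling them will break, so list the rename under the 0.2 entry as a breaking change; if they remain as aliases, say so in the Commands Reference.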
@@ -70,26 +72,31 @@ Age public key: age1alice123...
7072
bob$ ./age-store.py admin add-user alice age1alice123...
7173

7274
# Now Alice can access all secrets
73-
alice$ ./age-store.py view-file shared-config.json
75+
alice$ ./age-store.py view shared-config.json
7476
```
7577

7678
## Commands Reference
7779

78-
### Daily Use
79-
- `add-file <file>` - Encrypt and store any file
80-
- `view-file <name>` - Decrypt and view a stored file
81-
- `list-files` - See all your encrypted files
82-
83-
### Setup & Team Management
84-
- `init-user` - Generate your age keypair (run once)
80+
### Core Commands
81+
- `init-user [--unencrypted]` - Generate your age keypair (run once). By default creates encrypted keypair; use `--unencrypted` for plaintext
8582
- `show-pubkey` - Display your public key to share with teammates
86-
- `admin bootstrap <username>` - Initialize the store (first time only)
87-
- `admin add-user <name> <pubkey>` - Give someone access
88-
- `admin remove-user <name>` - Revoke access
89-
- `admin list-users` - See who has access
90-
91-
### Security Operations
92-
- `admin rotate-master-key` - Rotate master key and re-encrypt everything
83+
- `version` - Show version information
84+
- `doctor` - Run health checks and diagnostics
85+
86+
### File Operations
87+
- `add <file> [--force]` - Encrypt and store any file. Use `--force` to overwrite existing files
88+
- `view <file>` - Decrypt and view a stored file (specify name without .enc extension)
89+
- `ls` - List all available encrypted files
90+
91+
### Team Management (Admin)
92+
- `admin bootstrap <username>` - Initialize the store with initial user (first time only)
93+
- `admin add-user <username> <age_pubkey>` - Give someone access by adding their public key
94+
- `admin remove-user <username>` - Revoke a user's access
95+
- `admin list-users` - Show all users with access
96+
- `admin rotate-master-key` - Generate new master keypair and re-encrypt for all users
97+
98+
### Migration Tools
99+
- `migrate encrypt-user-secret` - Convert plaintext `user-secret.age` to encrypted `user-secret.age.enc`
93100

94101
## File Layout
95102

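
Review bot: In the Team Management list, `admin remove-user <username>` is described as "Revoke a user's access" with no pointer to `admin rotate-master-key`, and the separate "Security Operations" heading that used to set rotation apart is removed. Suggest stating on the `remove-user` line whether a rotation should follow a removal. The new rotation text ("re-encrypt for all users") also drops the old wording "re-encrypt everything", so confirm which description matches the behaviour. Separately, the `init-user [--unencrypted]` line could mention the warning that the CHANGELOG says is shown when an unencrypted keypair is used.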