Release Notes - v0.2.0

Release Date: 2026-01-10

This release introduces the OmniVault CLI tool with encrypted local storage and a daemon architecture for secure secret management.

Highlights

  • CLI Tool: Full-featured command-line interface for local secret management
  • Encrypted Storage: AES-256-GCM encryption with Argon2id key derivation
  • Daemon Architecture: Background service for secure operations
  • Cross-Platform: Unix socket IPC on macOS/Linux, TCP on Windows
  • Auto-Lock: Configurable inactivity timeout for enhanced security

New Features

CLI Tool (cmd/omnivault)

A complete command-line interface for managing secrets locally:

# Initialize and use the vault
omnivault daemon start
omnivault init
omnivault set database/password
omnivault get database/password
omnivault list
omnivault lock

Vault Commands:

  • omnivault init - Initialize a new vault with master password
  • omnivault unlock - Unlock the vault
  • omnivault lock - Lock the vault
  • omnivault status - Show vault and daemon status

Secret Commands:

  • omnivault get <path> - Retrieve a secret
  • omnivault set <path> [value] - Store a secret (prompts if value not provided)
  • omnivault list [prefix] - List secrets
  • omnivault delete <path> - Delete a secret

Daemon Commands:

  • omnivault daemon start - Start background daemon
  • omnivault daemon stop - Stop daemon
  • omnivault daemon status - Show daemon status
  • omnivault daemon run - Run in foreground (debugging)

Encrypted Store (internal/store)

Secure local storage implementing the vault.Vault interface:

  • AES-256-GCM authenticated encryption
  • Argon2id key derivation (OWASP-recommended parameters)
  • Password verification with constant-time comparison
  • Master password change with re-encryption of all secrets

Daemon Server (internal/daemon)

Background service for secure vault operations:

  • HTTP over Unix socket (~/.omnivault/omnivaultd.sock)
  • RESTful API for all vault operations
  • Auto-lock after configurable inactivity (default: 15 minutes)
  • Graceful shutdown with vault locking
  • PID file management

Daemon Client (internal/client)

Go client library for daemon IPC:

  • Unix socket transport
  • Structured error handling with error codes
  • Connection pooling with timeouts

Platform Support

Platform   IPC Method    Address/Path
macOS      Unix Socket   ~/.omnivault/omnivaultd.sock
Linux      Unix Socket   ~/.omnivault/omnivaultd.sock
Windows    TCP           127.0.0.1:19839

All platforms support the same CLI commands and API.

Security

Encryption Specifications

Component        Specification
Algorithm        AES-256-GCM
Key Derivation   Argon2id
Argon2 Time      3 iterations
Argon2 Memory    64 MB
Argon2 Threads   4
Salt Size        32 bytes
Nonce Size       12 bytes

Storage Layout

macOS / Linux:

~/.omnivault/
├── vault.enc           # Encrypted secrets
├── vault.meta          # Salt and Argon2 parameters
├── omnivaultd.sock     # Unix socket (runtime)
└── omnivaultd.pid      # Daemon PID (runtime)

Windows:

%LOCALAPPDATA%\OmniVault\
├── vault.enc           # Encrypted secrets
├── vault.meta          # Salt and Argon2 parameters
└── omnivaultd.pid      # Daemon PID (runtime)
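
For the macOS/Linux layout above, a local check that the vault directory, its files and the daemon socket are reachable only by their owner. This is an added example, not OmniVault code: the names AuditVaultDir and Finding are hypothetical, and the owner-only, no-symlink policy is an assumption, since these notes do not state which modes the daemon sets.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Finding is one permission problem found in the vault directory.
type Finding struct {
	Path, Why string
	Mode      fs.FileMode
}

// AuditVaultDir applies an assumed policy (not the project's): owner-only modes, no symlinks.
func AuditVaultDir(dir string) ([]Finding, error) {
	info, err := os.Lstat(dir)
	if err != nil {
		return nil, err
	}
	if !info.IsDir() {
		return nil, fmt.Errorf("%s is not a real directory", dir)
	}
	var out []Finding
	if info.Mode().Perm()&0o077 != 0 {
		out = append(out, Finding{dir, "directory open to group/other", info.Mode()})
	}
	for _, name := range []string{"vault.enc", "vault.meta", "omnivaultd.sock", "omnivaultd.pid"} {
		p := filepath.Join(dir, name)
		fi, err := os.Lstat(p)
		if os.IsNotExist(err) {
			continue // runtime files are absent while the daemon is stopped
		} else if err != nil {
			return out, err
		}
		if fi.Mode()&fs.ModeSymlink != 0 {
			out = append(out, Finding{p, "symlink instead of a regular entry", fi.Mode()})
		} else if fi.Mode().Perm()&0o077 != 0 {
			out = append(out, Finding{p, "open to group/other", fi.Mode()})
		}
	}
	return out, nil
}

func main() {
	home, _ := os.UserHomeDir()
	findings, err := AuditVaultDir(filepath.Join(home, ".omnivault"))
	fmt.Printf("findings: %+v\nerror: %v\n", findings, err)
}
```

An empty findings list means every entry that exists passed the assumed policy; the Windows layout relies on ACLs and is not covered by this check.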

Dependencies

New dependencies added:

  • golang.org/x/crypto - Argon2id key derivation
  • golang.org/x/term - Secure password input

Breaking Changes

None. This release adds new functionality without modifying the existing library API.

Upgrade Guide

No changes required for existing library users. The CLI tool is an optional addition.

To use the CLI:

go install github.com/agentplexus/omnivault/cmd/omnivault@v0.2.0
omnivault daemon start
omnivault init