Merge pull request #3 from GreenHacker420/feature/offline-secrets-manager

feat: Implement Offline Secrets Manager with AES-256 Encryption

Author: curiouscoder-cmd

IMPLEMENTATION.md

@@ -0,0 +1,193 @@
+# Offline Secrets Manager Implementation
+
+## Overview
+
+This implementation adds a fully functional offline secrets manager to ENV Storage Manager. The application securely stores API keys, database credentials, and other sensitive environment variables locally with AES-256 encryption.
+
+## Features Implemented
+
+### 🔐 Core Security
+- **AES-256 Encryption**: All secrets are encrypted using Fernet (symmetric encryption)
+- **PBKDF2 Key Derivation**: Master password is converted to encryption key using PBKDF2 with 480,000 iterations (OWASP recommended)
+- **Secure Password Hashing**: SHA-256 hashing for password verification
+- **Salt Management**: Unique salt per installation for additional security
+
+### 📦 Storage Layer
+- **SQLite Database**: Local, file-based storage in `~/.env_storage/`
+- **SQLAlchemy ORM**: Robust database management with proper relationships
+- **Audit Logging**: All operations are logged for security tracking
+- **Cascade Deletion**: Deleting a project removes all associated secrets
+
+### 🎨 CLI Interface
+- **Rich Terminal UI**: Beautiful tables and colored output using Rich library
+- **Secure Input**: Password masking for sensitive data entry
+- **Interactive Commands**: User-friendly prompts and confirmations
+- **Comprehensive Commands**:
+  - `init` - Initialize storage with master password
+  - `create-project` - Create a new project
+  - `add` - Add/update environment variables
+  - `list` - List projects or environment variables
+  - `get` - Retrieve specific variable with full value
+  - `search` - Search across all projects
+  - `export` - Export to .env file
+  - `delete` - Delete environment variables
+  - `delete-project` - Delete entire projects
+
+### 🧪 Testing
+- **Comprehensive Test Suite**: 40+ test cases covering:
+  - Encryption/decryption functionality
+  - Storage initialization and authentication
+  - Project and environment variable management
+  - Search and export features
+  - Edge cases and error handling
+  - Unicode and special character support
+
+## Architecture
+
+```
+src/
+├── crypto/
+│   └── encryption.py      # Encryption/decryption logic
+├── core/
+│   ├── models.py          # SQLAlchemy database models
+│   ├── database.py        # Database connection management
+│   └── storage.py         # Main storage interface
+└── cli/
+    └── main.py            # CLI commands and interface
+```
+
+## Database Schema
+
+### Config Table
+- Stores master password hash and encryption salt
+- Single row per installation
+
+### Projects Table
+- Project name (unique)
+- Description
+- Timestamps
+
+### EnvVars Table
+- Project reference (foreign key)
+- Key name
+- Encrypted value (binary)
+- Description
+- Timestamps
+
+### AuditLog Table
+- Action type (CREATE, READ, UPDATE, DELETE)
+- Entity type (PROJECT, ENV_VAR)
+- Entity ID
+- Details
+- Timestamp
+
+## Security Considerations
+
+1. **Offline-First**: All data stored locally, no cloud dependencies
+2. **Encryption at Rest**: Secrets never stored in plaintext
+3. **Master Password**: Single password protects all secrets
+4. **No Password Recovery**: Master password cannot be recovered (by design)
+5. **Audit Trail**: All operations logged for security review
+6. **Secure Export**: Warning displayed when exporting to .env files
+
+## Usage Examples
+
+### Initialize
+```bash
+python main.py init
+```
+
+### Create Project
+```bash
+python main.py create-project -n myapp -d "My awesome application"
+```
+
+### Add Secrets
+```bash
+python main.py add -p myapp -k API_KEY -d "OpenAI API Key"
+# Will prompt for value securely
+```
+
+### List Projects
+```bash
+python main.py list
+```
+
+### List Project Variables
+```bash
+python main.py list -p myapp
+```
+
+### Search
+```bash
+python main.py search API
+```
+
+### Export to .env
+```bash
+python main.py export -p myapp -o .env
+```
+
+### Get Specific Variable
+```bash
+python main.py get -p myapp -k API_KEY
+```
+
+## Installation
+
+```bash
+# Install dependencies
+pip install -r requirements.txt
+
+# Run the application
+python main.py init
+```
+
+## Testing
+
+```bash
+# Install dev dependencies
+pip install -r requirements-dev.txt
+
+# Run tests
+pytest tests/ -v
+
+# Run with coverage
+pytest --cov=src --cov-report=html tests/
+```
+
+## Why This Matters for Developers
+
+As developers, we constantly juggle multiple projects, each with their own set of API keys, database credentials, and configuration secrets. This tool solves several pain points:
+
+1. **Centralized Management**: All secrets in one secure location
+2. **No More Lost Keys**: Never forget where you stored that API key
+3. **Security by Default**: Encrypted storage prevents accidental exposure
+4. **Easy Context Switching**: Quickly access secrets for any project
+5. **Version Control Safe**: Keep secrets out of git repositories
+6. **Audit Trail**: Know when and how secrets were accessed
+
+## Contribution Details
+
+- **Type**: Feature Implementation
+- **Lines of Code**: ~1000+ lines
+- **Files Added**: 7 new files
+- **Test Coverage**: 40+ test cases
+- **Documentation**: Comprehensive inline documentation and docstrings
+
+## Future Enhancements
+
+Potential improvements for future contributions:
+- Import from existing .env files
+- Backup/restore functionality
+- Multi-user support with different access levels
+- Browser extension for auto-fill
+- IDE integration plugins
+- Cloud sync (optional, with end-to-end encryption)
+- Two-factor authentication
+- Secret rotation reminders
+- Secret sharing with team members
+
+## License
+
+MIT License - Same as parent project

main.py

@@ -0,0 +1,6 @@
+"""Main entry point for ENV Storage Manager CLI."""
+
+from src.cli.main import cli
+
+if __name__ == "__main__":
+    cli()