feat: Implement Offline Secrets Manager with AES-256 Encryption

[GreenHacker420]

🎃 Hacktoberfest 2025 Contribution

📝 Description

This PR implements a comprehensive offline secrets manager for ENV Storage Manager. As a developer, managing API keys, database credentials, and other secrets across multiple projects is frustrating and error-prone. This implementation provides a secure, encrypted, offline solution to centralize and protect all your environment variables.

✨ Features Implemented

🔐 Core Security

• AES-256 Encryption: All secrets encrypted using Fernet (symmetric encryption)
• PBKDF2 Key Derivation: Master password converted to encryption key using PBKDF2 with 480,000 iterations (OWASP recommended)
• Secure Password Hashing: SHA-256 hashing for password verification
• Salt Management: Unique salt per installation for additional security
• Offline-First: All data stored locally in ~/.env_storage/, no cloud dependencies

📦 Storage Layer

• SQLite Database: Local, file-based storage
• SQLAlchemy ORM: Robust database management with proper relationships
• Audit Logging: All operations logged for security tracking
• Cascade Deletion: Deleting a project removes all associated secrets
• Database Models: Config, Project, EnvVar, AuditLog

🎨 CLI Interface

• Rich Terminal UI: Beautiful tables and colored output
• Secure Input: Password masking for sensitive data entry
• Interactive Commands: User-friendly prompts and confirmations
• 10 Comprehensive Commands:
  • init - Initialize storage with master password
  • create-project - Create a new project
  • add - Add/update environment variables (with secure input)
  • list - List projects or environment variables
  • get - Retrieve specific variable with full value
  • search - Search across all projects
  • export - Export to .env file
  • delete - Delete environment variables
  • delete-project - Delete entire projects

🧪 Testing

• 40+ Test Cases covering:
  • Encryption/decryption functionality
  • Storage initialization and authentication
  • Project and environment variable management
  • Search and export features
  • Edge cases and error handling
  • Unicode and special character support

📁 Files Added/Modified

New Files:

• src/crypto/encryption.py - Encryption/decryption logic (120 lines)
• src/core/models.py - Database models (80 lines)
• src/core/database.py - Database management (70 lines)
• src/core/storage.py - Main storage interface (400+ lines)
• tests/test_encryption.py - Encryption tests (150+ lines)
• tests/test_storage.py - Storage tests (300+ lines)
• main.py - Entry point
• IMPLEMENTATION.md - Detailed documentation

Modified Files:

• src/cli/main.py - Complete CLI implementation (250+ lines)

🏗️ Architecture

src/
├── crypto/
│   └── encryption.py      # Encryption/decryption logic
├── core/
│   ├── models.py          # SQLAlchemy database models
│   ├── database.py        # Database connection management
│   └── storage.py         # Main storage interface
└── cli/
    └── main.py            # CLI commands and interface

🔒 Security Considerations

1. Encryption at Rest: All secrets stored encrypted, never in plaintext
2. Master Password: Single password protects all secrets
3. No Password Recovery: Master password cannot be recovered (by design)
4. Audit Trail: All operations logged for security review
5. Secure Export: Warning displayed when exporting to .env files
6. Input Masking: Passwords and secrets masked during input

💡 Usage Examples

# Initialize
python main.py init

# Create a project
python main.py create-project -n myapp -d "My awesome app"

# Add secrets (will prompt for value securely)
python main.py add -p myapp -k API_KEY -d "OpenAI API Key"

# List all projects
python main.py list

# List project variables (values masked)
python main.py list -p myapp

# Search across all projects
python main.py search API

# Get specific variable (shows full value)
python main.py get -p myapp -k API_KEY

# Export to .env file
python main.py export -p myapp -o .env

✅ Checklist

• Code follows project style guidelines
• Comprehensive tests added (40+ test cases)
• Documentation updated (IMPLEMENTATION.md)
• Commit messages follow conventional commits format
• No merge conflicts with main branch
• All new code has proper docstrings
• Security best practices followed
• Type hints used throughout
• Error handling implemented

🎯 Why This Matters

As developers, we face daily challenges:

• 🔍 Lost Keys: Forgetting where we stored API keys
• 🔄 Context Switching: Managing different .env files across projects
• 🔒 Security Risks: Accidentally committing secrets to version control
• 📦 Backup Nightmares: No centralized backup for critical credentials

This implementation solves all these problems with a secure, offline-first approach.

📊 Stats

• Lines of Code: 1,600+ lines
• Test Coverage: 40+ comprehensive test cases
• Files Added: 8 new files
• Files Modified: 1 file
• Documentation: Extensive inline docs and IMPLEMENTATION.md

🚀 Future Enhancements

Potential improvements for future PRs:

• Import from existing .env files
• Backup/restore functionality
• Browser extension for auto-fill
• IDE integration plugins
• Secret rotation reminders
• Team sharing features

🙏 Notes

This is my Hacktoberfest 2025 contribution. I've put significant effort into making this a high-quality, production-ready feature that genuinely solves a real problem developers face daily.

Thank you for reviewing! 🎃

[github-actions]

🎉 Congratulations on your first Pull Request!

Thank you for contributing to ENV Storage Manager! This is an exciting moment for both you and our project.

What happens next?

• 🔍 Our CI/CD pipeline will run automated checks
• 👀 A maintainer will review your code
• 💬 We may request changes or ask questions
• ✅ Once approved, your PR will be merged!

Tips for success

• ✅ Make sure all CI checks pass
• 📝 Respond to review comments promptly
• 🔄 Keep your branch up to date with main
• 📖 Follow our Contributing Guidelines

Need help?

• 💬 Comment on this PR with questions
• 📚 Check our documentation
• 🤝 Join our Discussions

We're excited to have you as part of our community! 🌟

---

P.S. If this is for Hacktoberfest 🎃, make sure your PR follows the quality guidelines to be eligible!

[curiouscoder-cmd]

looks good to me