The Story: Paranoia & SSH Keys 🔑
I have a specific paranoia: losing my SSH and GPG keys.
If my laptop dies today, I lose access to my servers, my GitHub signing capabilities, and my encrypted backups. But backing them up is terrifying.
- Copying id_rsa to a USB drive feels risky (what if I lose the drive?).
- Uploading ~/.ssh to Google Drive or Dropbox feels like a security nightmare.
I wanted a middle ground. I wanted a way to create a "digital safety deposit box." I wanted to take my most sensitive keys, lock them inside a folder that is mathematically impossible to open without my password, and then feel safe uploading that encrypted blob to the cloud.
That is why I built Vaultix. It wasn't just for "secrets" in general—it was specifically designed to be the safest transport layer for my digital identity.
What is Vaultix? 🛡️
Vaultix is a cross-platform command-line tool written in Go. It manages password-protected encrypted folders locally on your machine.
It’s designed to be:
- Simple: No complex key management. Just a password.
- Secure: AES-256-GCM encryption with Argon2id key derivation.
- Invisible: Even the filenames inside the vault are encrypted.
The "Cool" Features
I didn't just want encryption; I wanted a good Developer Experience (DX). Here is what makes Vaultix fun to use:
1. Fuzzy Matching 🪄
I hate typing long filenames.
If you have a file named super_secret_aws_keys_v2.json, you don't need to type that whole thing.
# This works!
vaultix extract aws
It finds the best match and extracts it.
2. Zero Metadata Leaks 🕵️
If someone steals your laptop and finds your vault, they won't even know what you are hiding. Vaultix encrypts the file contents and the filenames. A file named passwords.txt becomes a random string like 3f9a2c1d.enc on the disk.
3. Drop & Go 🗑️
Need to use a file once and then destroy it? Use the drop command. It decrypts the file for you to use, and immediately removes it from the secure vault.
vaultix drop api_keys
Here is how I use Vaultix to sleep better at night. I back up my SSH keys in 3 commands:
# 1. Create a secure vault
mkdir my_identity_backup
cd my_identity_backup
vaultix init
# 2. Add the sensitive keys
cp ~/.ssh/id_ed25519 .
cp ~/.gnupg/private-keys-v1.d/* .
vaultix add id_ed25519
# 3. Verify and Sync
vaultix list
# Now I can zip this 'my_identity_backup' folder
# and upload it to Google Drive without fear.
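Before zipping and uploading, it is worth confirming that nothing outside `.vaultix/` is still a readable private key: the steps above copy the GnuPG key files into the folder but show `vaultix add` only for `id_ed25519`. The check below is an added example, not part of Vaultix or the original post; the function names, the `ABCD.key` file and the demo contents are constructed, and it assumes only that encrypted data lives under `.vaultix/` as this post describes.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check for a Vaultix backup folder.
# Everything under .vaultix/ is treated as encrypted storage and skipped;
# any other file that still looks like a private key is reported.

# Prints offending paths, one per line. Returns 0 if clean, 1 otherwise.
find_plaintext_keys() {
    local dir="$1" hits
    # Heuristic: PEM/OpenSSH armor headers, plus the "private-key" token in
    # GnuPG private-keys-v1.d files (also matches "protected-private-key").
    local pattern='-----BEGIN [A-Z ]*PRIVATE KEY-----|private-key'
    hits=$(find "$dir" -type d -name .vaultix -prune -o -type f \
               -exec grep -l -a -E -e "$pattern" {} + 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Build a constructed demo folder (fake key material, not real keys).
make_demo_backup() {
    local d
    d=$(mktemp -d)
    mkdir "$d/.vaultix"
    printf 'constructed ciphertext placeholder' > "$d/.vaultix/3f9a2c1d.enc"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/id_ed25519"
    printf '(21:protected-private-key(3:ecc))' > "$d/ABCD.key"
    printf '%s\n' "$d"
}

demo=$(make_demo_backup)
if leftovers=$(find_plaintext_keys "$demo"); then
    echo "clean: nothing readable outside .vaultix/"
else
    echo "do not upload yet, plaintext key material found:"
    printf '%s\n' "$leftovers"
fi
rm -rf "$demo"
```

Run it against the real folder as `find_plaintext_keys my_identity_backup` and treat a non-zero exit status as a reason to stop before creating the archive.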
How It Works (The Techy Stuff) 🤓
For the security nerds out there (like me), here is the architecture. I followed the Golden Rule: Don't Roll Your Own Crypto.
- Language: Go (1.21+)
- Encryption: AES-256-GCM (Authenticated encryption ensures nobody tampered with your data).
- Key Derivation: Argon2id (Resistant to GPU cracking attacks).
- Storage: All data lives in a hidden .vaultix/ folder in your directory.
Crucially: Vaultix never stores your password. It exists only in memory while the program is running. If you lose your password, the data is gone forever. That’s a feature, not a bug.
Quick Start
You can grab the binary for Windows, macOS, or Linux from the Releases page, or build it from source if you have Go installed:
go install github.com/zayan-mohamed/vaultix@latest
Let's secure a folder:
- Initialize the vault:
cd my_secrets
vaultix init
# Enter a strong password...
- Add a file:
vaultix add .env
- List your secure files:
vaultix list
# Files in vault:
# .env
That's it. Your .env file is now encrypted at rest.
Why Go? 🐹
I chose Go because I wanted a single static binary with zero dependencies. I didn't want users to have to install Python, Node, or OpenSSL libraries just to decrypt their files. You download vaultix, and it just works.
Give it a Try!
I’m looking for feedback, contributors, and security enthusiasts to break it (or fix it!).
- 💻 GitHub: Zayan-Mohamed / vaultix
A cross-platform CLI tool for managing password-protected encrypted folders. Uses AES-256-GCM encryption with Argon2id key derivation. Single binary, zero dependencies, works on Linux, macOS, and Windows.
📖 Overview
vaultix is a secure, lightweight CLI tool that encrypts files in place using military-grade cryptography. No cloud, no services, no complexity—just strong encryption for your sensitive files.
Key Highlights
- 🔒 Strong Encryption: AES-256-GCM with Argon2id key derivation
- 🚀 Zero Dependencies: Single static binary, no runtime requirements
- 💻 Cross-Platform: Linux, macOS, and Windows support
- 🎯 Simple UX: Intuitive commands with smart defaults
- 🔐 No Password Storage: Passwords exist only in memory
- 📦 Portable: Encrypted vaults work across all platforms
✨ Features
✅ Automatic Encryption - Initialize a vault and all files are encrypted instantly
✅ Fuzzy File Matching - No need to type exact filenames
✅ Default to Current Directory - Less typing, more doing
✅ Extract or Drop - Extract…
- 📄 Docs: zayan-mohamed.github.io/vaultix
If you find it useful, drop a ⭐ on the repo—it helps a lot!
Disclaimer: While I used industry-standard libraries, always have backups of your important data!