HN Showcase
Back to browse
GitHub Repository

A command-line tool for securely backing up, restoring, and verifying secrets using interoperable standards like age encryption and coreutils, ensuring long-term accessibility without vendor lock-in

1 starsRust

Secs-man, a secrets manager you can (not) rely on

by Fran314·Jun 25, 2026·10 points·4 comments
Visit ProjectView on HN

AI Analysis

●●SolidBig BrainNiche Gem

Backup tool designed to be recoverable with just age and coreutils if the software vanishes.

Strengths
  • Tool-independence philosophy means secrets survive even if the project is abandoned tomorrow.
  • Manual recovery docs show exactly how to decrypt without secs-man using only age and bash.
  • NixOS integration with flakes support fits naturally into declarative system configurations.
Weaknesses
  • Not published to crates.io or nixpkgs — installation requires cloning the repo directly.
  • Narrow use case: local backups only, not a full secrets management solution like 1Password.
Category
Security
Target Audience

NixOS users, privacy-focused developers managing local secrets

Similar To

pass · age · sops

Post Description

This is a tool to manage encrypted local backups of secrets. The core idea is that it aims to be usable without depending on it, meaning that even if the software disappeared from the face of Earth tomorrow, your data would still be recoverable.

It also integrates nicely with NixOS (which is what I use, though it does not require NixOS to be used).

I have summed up a bit of explanation and some answers to reasonable questions in a blog post: https://baldino.dev/blog/secs-man/

Similar Projects