Skip to content

NeshJesse/vaulta-cli

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
simple_vault.py
simple_vault.py
 
 

Repository files navigation

Simple Private Vault

A tiny, cross‑platform file encrypter that keeps sensitive photos/videos out of casual search and prying eyes.

What it does

  • Encrypts your selected files and folders (recursively) into a hidden vault folder.
  • Uses industry‑standard crypto (Fernet: AES + HMAC via cryptography).
  • Stores encrypted blobs with random filenames so original names don’t leak.
  • Keeps an encrypted manifest of original names/relative paths (not visible to search).
  • Makes a best‑effort to keep the vault out of Windows Search / Spotlight / Linux indexers.
  • On Linux/Ubuntu, tightens permissions: vault dir 700; key/manifest/blobs 600.

What it doesn’t do

  • Bulletproof, forensic‑level secrecy. It’s meant to keep kids/guests/friends from stumbling across things in File Explorer/Finder/Tracker search.
  • Guaranteed secure deletion. Wiping files on SSDs is tricky; see Tips below.

Install

  1. Install Python 3.9+.
  2. Install deps: 
    pip install -r requirements.txt

Quick start

# 1) Create a vault + key file (or use a passphrase)
python simple_vault.py init

# 2) Encrypt files/folders into the vault (recursively)
python simple_vault.py encrypt "D:\Pictures\College Party" --wipe   # Windows example
python simple_vault.py encrypt ~/Movies/PrivateClips --wipe         # macOS/Linux example
# Ubuntu/Linux example from Desktop project folder
python3 simple_vault.py encrypt ~/Downloads/GooglePhotos/ --wipe

# 3) See what’s stored (from encrypted manifest)
python simple_vault.py list

# 4) Restore files when you need them
python simple_vault.py decrypt --output ~/Restored

Where is the vault?

  • Windows: %APPDATA%\SystemData\.vault (marked hidden, system, not content indexed).
  • macOS: ~/Library/PrivateVault.noindex (Spotlight ignores *.noindex; folder is also hidden).
  • Linux/Ubuntu: ~/.private_vault (drops .nomedia & .hidden markers and sets perms to 700).

You can override the location with --vault <path> on any command.

Key vs Passphrase

  • Key file (default): A vault.key is created inside the vault. Back it up to a USB or password manager.
  • Passphrase mode: Use --passphrase to avoid a key file; you’ll be prompted each time.

Lose the key/passphrase = permanent data loss. There’s no backdoor.

Keep it out of search (best effort)

  • Windows: vault folder is hidden + system + not content indexed. Also placed under AppData\Roaming to reduce visibility.
  • macOS: vault ends with .noindex so Spotlight won’t index it. We also mark it hidden.
  • Linux/Ubuntu: dot‑folder with .nomedia/.hidden and restrictive perms 700. Desktop indexers vary by distro; most skip hidden folders.

Tips for safer deletion

  • Use --wipe to best‑effort overwrite originals before deleting (okay for HDDs; SSDs are tricky).
  • For stronger deletion:
    • Windows: run sdelete from Microsoft Sysinternals on the source folders.
    • macOS/Linux: use shred on HDDs. For SSDs, rely on encryption, then securely erase the device if ever needed.

Examples

# Encrypt a single file
python simple_vault.py encrypt ~/Pictures/IMG_1234.JPG --wipe

# Encrypt a folder (recursively)
python simple_vault.py encrypt "D:\Camera Uploads" --wipe --flatten
python simple_vault.py encrypt ~/Downloads/GooglePhotos --wipe

# Decrypt to a specific folder
python simple_vault.py decrypt --output "D:\Private Restore"
python simple_vault.py decrypt --output ~/Restored

# By default, subfolders are preserved under the output directory
python simple_vault.py decrypt --output ~/Restored

# Or flatten (dump all files into one folder)
python simple_vault.py decrypt --output ~/Restored --flatten

FAQ

Q: Will File Explorer / Finder search find my private files?
A: No—the originals are encrypted into a hidden vault with randomized names, and the vault is marked to avoid indexing. This keeps them out of casual search. (An expert with admin tools could still find the vault exists.)

Q: Can I move the vault to an external drive?
A: Yes. Use --vault X:\SomeHiddenFolder (Windows) or /Volumes/Drive/Hidden.noindex (macOS), then init there and encrypt as usual.

Q: Can I use one vault on two laptops?
A: Yes, but share the same key or passphrase. Keep good backups.

Q: What video/photo apps can open files inside the vault?
A: None. Files are encrypted. Decrypt first into a temporary folder, view, then delete when done.

Q: How are paths stored in the manifest now?
A: Paths are stored relative to the encrypted root(s). On decrypt, the original sub‑folder structure is recreated under your chosen output directory unless you pass --flatten.

IMPORTANT: Test with a couple of dummy files first and back up your key. This tool is intended for convenience privacy, not adversarial protection against forensics.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages