BilgeStore
BilgeStore
security2026-02-10

EqhoPass: Secure Password Management for Developers

Why developers need a dedicated password manager. EqhoPass provides CLI-first, end-to-end encrypted credential management with team sharing and API access.

securitypasswordencryptionCLIdeveloper

The Developer Password Problem

Developers juggle more credentials than anyone:

  • Database connection strings
  • API keys (AWS, GCP, Stripe, Twilio, ...)
  • SSH keys and server passwords
  • OAuth tokens and secrets
  • CI/CD pipeline credentials
  • Staging vs. production configs

    • Most developers end up with credentials scattered across .env files, Slack messages, browser autofill, and sticky notes. This is a security disaster waiting to happen.

    What Makes EqhoPass Different

    EqhoPass is built for developers, not general consumers:

    1. CLI-First

    Access your vault from the terminal:

    ``bash

    # Store a credential

    eqhopass set AWS_SECRET_KEY "AKIAIOSFODNN7EXAMPLE"

    # Retrieve it

    eqhopass get AWS_SECRET_KEY

    # Use in scripts

    export DB_URL=$(eqhopass get DATABASE_URL)

    # List all keys

    eqhopass list --category api-keys

    `

    2. End-to-End Encryption

    All credentials are encrypted locally before transmission. The server never sees plaintext:

  • Algorithm: AES-256-GCM

  • Key derivation: Argon2id (memory-hard, GPU-resistant)
  • Zero-knowledge: Server stores only encrypted blobs
  • Local vault: Offline access with encrypted local cache

    • 3. Team Sharing

    Share credentials securely with team members:

    `bash

    # Share with a team member

    eqhopass share AWS_SECRET_KEY --with [email protected]

    # Create a shared vault

    eqhopass vault create "production-secrets" --members alice,bob

    # Rotate a shared credential

    eqhopass rotate DATABASE_PASSWORD --vault production-secrets

    `

    4. .env File Integration

    `bash

    # Export all credentials to .env format

    eqhopass export --format env > .env

    # Import from existing .env

    eqhopass import .env --category project-x

    # Sync .env with vault (bidirectional)

    eqhopass sync .env --vault my-project

    `

    5. CI/CD Integration

    Inject secrets into your pipeline without storing them in CI config:

    `yaml

    # GitHub Actions

    steps:

    - name: Get secrets

    run: |

    export DB_URL=$(eqhopass get DATABASE_URL)

    export API_KEY=$(eqhopass get API_KEY)

    `

    Security Architecture

    `

    Master Password → Argon2id → Encryption Key

    ↓

    Credential → AES-256-GCM Encrypt → Encrypted Blob → Server Storage

    ↑

    Random IV per item

    `

    Threat Model

  • Server compromise: Attacker gets encrypted blobs only (useless without master password)
  • Network interception: TLS + encrypted payloads = double protection
  • Device theft: Local vault requires master password to decrypt
  • Brute force: Argon2id makes GPU attacks impractical (100ms per attempt)

    • Getting Started

    `bash

    # Install

    pip install eqhopass

    # Initialize vault

    eqhopass init

    # Set your first credential

    eqhopass set OPENAI_API_KEY "sk-..."

    # Verify

    eqhopass get OPENAI_API_KEY

    ``

    Pricing

  • Starter ($9/mo): 100 credentials, 1 user, CLI access

  • Professional ($29/mo): Unlimited credentials, 10 users, team sharing, API access, CI/CD integration

    • Both plans include end-to-end encryption, offline access, and priority support.

    Related Products

    eqhopass
    Contact via TelegramContact via WhatsAppSend Email