Konbini (Japanese for "convenience store") is your go-to solution for securely storing, managing, and sharing sensitive information within your organization. Like a well-organized bento box, Konbini keeps your secrets neatly compartmentalized and protected.
- End-to-End Encryption: Secrets are encrypted on the client side - Konbini never sees plaintext data
- Team Sharing: Securely share credentials with team members through the groups system
- Fine-grained Permissions: Control who can access, view, and modify your secrets
- Two-Factor Authentication: Enhanced security with TOTP (Time-based One-Time Password)
- Intuitive CLI: Command-line interface with TUI support for easy management
- API Access: RESTful API for integration with your existing tools
- Audit Logs: Track who accessed what and when
- Go 1.21+
- SQLite database (or Turso for production)
- Resend.com account (for email verification)
- Goose for database migrations
- Clone the repository
git clone https://github.com/juancwu/konbini.git
cd konbini- Install dependencies
go mod download- Create a
.envfile in the project root with the following variables:
PORT=8080
DB_URL=file:konbini.db
JWT_SECRET=your-secret-key
RESEND_API_KEY=your-resend-api-key
APP_URL=http://localhost:8080
- Build the project
# Build the server
go build -o bin/konbini cmd/server/main.go
# Build the CLI
go build -o bin/konbini-cli cmd/cli/main.go./bin/konbiniThe CLI can be run in two modes:
./bin/konbini-cliThis launches an interactive terminal user interface where you can:
- Register/login to your account
- Set up 2FA with TOTP
- Manage your bentos (secret containers)
- Create and join groups
- Invite team members
# Login to your account
./bin/konbini-cli login
# Create a new bento
./bin/konbini-cli bento new my-api-keys
# Add a secret to a bento
./bin/konbini-cli bento add my-api-keys AWS_SECRET_KEY=abcdefg
# List all bentos
./bin/konbini-cli bento list
# Share a bento with a group
./bin/konbini-cli group invite DevTeam [email protected]In Konbini, a "bento" is a container for your secrets:
- Each bento has a unique name and can contain multiple "ingredients" (key-value pairs)
- Bentos can be shared with other users through groups
- Permissions control who can view or modify each bento
- All bento contents are encrypted on the client side before being sent to the server
Konbini is designed with security at its core:
- Client-side encryption ensures your secrets never leave your machine in plaintext
- Two-factor authentication (TOTP) protects your account
- Fine-grained permission system prevents unauthorized access
- No plaintext storage of sensitive data
- Email verification for new accounts
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the project
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request