v1.1.1

Fixes

• version command now works with go install: When installed via go install github.com/tkukushkin/secret-box@latest, the version is read from Go module build info instead of showing dev.

v1.1.0

New Features

• version command: secret-box version prints the current version. Builds from GitHub releases show the tag (e.g. v1.1.0), local builds show dev.
• Version injected at build time: Release workflow now passes the tag via -ldflags into the binary.

v1.0.0

Breaking Changes

• exec command redesigned: The -e/--env flag has been removed. Secrets are now referenced directly in environment variable values and command arguments using $(secret-name) syntax.

  Before:

  secret-box exec -e DB_PASSWORD=db-pass -- psql

  After:

  DB_PASSWORD='$(db-pass)' secret-box exec -- psql

New Features

• $(secret-name) in env vars and args: exec automatically scans environment variables and command arguments for $(secret-name) references, resolves them, and substitutes the values. Multiple references in a single value are supported:

  DATABASE_URL='postgres://$(db-user):$(db-pass)@localhost/mydb' secret-box exec -- myapp

• exec --once: Authenticate with Touch ID but don't cache the session, matching the existing read --once behavior.

• clear-auth-cache command: Clear all cached Touch ID sessions. All secrets will require re-authentication on next access.

v0.2.0

What's Changed

Full rewrite from Swift to Go with complete data compatibility — existing secrets are readable without migration.

Highlights

• Same CLI interface, same commands and flags
• Same database location and schema (~/Library/Application Support/secret-box/db.sqlite3)
• Same Keychain entry for master key
• Same AES-256-GCM encryption format
• Same per-app per-secret auth cache with HMAC integrity
• Installable via go install github.com/tkukushkin/secret-box@latest

v0.1.0

Full Changelog: https://github.com/tkukushkin/secret-box/commits/v0.1.0