GoKawiilcoldkey
Your age encryption keys are one disk failure away from total loss. If you use age or sops to encrypt secrets, losing your private key means losing access to everything it protects -- forever.
coldkey generates post-quantum (ML-KEM-768 + X25519) age keys and produces single-page printable HTML backups with QR codes. Print it, laminate it, store it in a fireproof safe. Your secrets survive even if every digital copy is gone.
Install
# Homebrew (macOS/Linux) brew install --cask pike00/tap/coldkey # Or with Go go install github.com/pike00/coldkey/cmd/coldkey@latest
Quick start
Docker (recommended)
# Pull the image docker pull ghcr.io/pike00/coldkey:latest # Interactive — generate a key and paper backup just docker-run # Backup an existing key just docker-backup ~ /.config/sops/age/keys.txt
All just docker-* commands include security hardening flags (network isolation, read-only filesystem, dropped capabilities). Output is written to ./output/ .
From source
... continue reading