Rook provides a secret service a-la secret-tool, keyring, or pass/gopass, except backed by a Keepass v2 kdbx file.

The problem Rook solves is mainly in script automation, where you have aerc, offlineimap, isync, vdirsyncer, msmtp, restic, or any other cron jobs that need passwords and which are often configured to fetch these passwords from a secret service with a CLI tool. Unlike existing solutions, Rook is headless, and does not have a bespoke secrets database full of passwords that must be manually synchronized with Keepass; instead, it uses a Keepass db directly.

Rook is in the AUR; binaries are available from the project page.

From the changelog, since the last Lemmy release announcement (v0.0.9):

[v0.1.3] Mon May 20 17:12:25 2024 -0500

Added

  • status command, a more lightweight way of testing if a DB is open. Using this instead of info in e.g. statusbar scripts greatly reduces CPU load.
  • case-insensitive search.

Changed

  • removing some nil panics that could occur when DB is closed while a client call is being processed.

Fixed

  • a hidden bug in the OTP pin code.
  • some errors being ignored (and therefore not logged)
  • TOTP attributes getting missed by otp generator check

[v0.1.2] Fri Apr 26 15:13:55 2024 -0500

Added

  • one-time pin soft locking
  • installation instructions for distributions that have rook in a repository
  • more of the special autotype {} commands are supported (backspace, space, esc)

Changed

  • getAttr adds a little delay before typing, allowing initiator tools (like rofi) to close windows before text is output
  • cleans up code per golint/gochk

Fixed

  • an autotype bug in outputting literals

[v0.1.1] Sun Mar 17 13:44:54 2024 -0500

Added

  • the original source rook.svg
  • ability to start the rook server passing in the password via stdin pipe.

Changed

  • assets moved to directory
  • documentation referenced Keepass v4; there’s no such thing, it’s v2.
  • license, was missing © from original
  • stop trying to remove the version number from build assets
  • documentation to clarify when the master password exists as plain text, in response to questions from @d3Xt3r@lemmy.nz

[v0.1.0] Fri Mar 15 14:03:25 2024 -0500

Added

  • nfpm file
  • logo

Changed

  • clears out the password so it’s not being held in plain text by the flags library.
  • some of the documentation, and fixes the duplicated v0.0.9 entry in the changelog.
  • CI build targets are more limited, but also include some distro packages
  • better README documentation

Removed

  • the monitor attribute was taken out, as rook no longer busy-polls the DB