One Seed to Rule Them All>
SeedPass deterministically derives every key and password from a single 12-word phrase.
bash -c "$(curl -sSL https://raw.githubusercontent.com/PR0M3TH3AN/SeedPass/main/scripts/install.sh)"
# System_Features
Deterministic Gen
BIP-85 deterministic password generation. No server needed.
Encrypted Vault
Local storage for seeds and sensitive data, heavily encrypted.
Nostr Sync
Relay integration with chunked snapshots (50KB) & deltas.
Profile Switching
Manage multiple seed profiles & fingerprints securely.
Interactive TUI
A fast, keyboard-first terminal interface for advanced users.
Secret Mode
Copy to clipboard directly, clearing automatically after delay.
# For_Agents
Machine-readable discovery, non-interactive auth, scoped access, and audit-first automation.
seedpass capabilities --format json && seedpass agent bootstrap-context
Brokered Auth
Use keyring or command brokers for non-interactive unlock without plaintext env secrets.
Policy as Code
Lint, review, and apply policy files with deterministic output and risk-gated changes.
Scoped Identity & Tokens
Issue revocable TTL-bound tokens tied to agent identities, kinds, scopes, and use limits.
Safe Output & Leases
Default redaction plus one-time or N-use secret leases for reduced exposure in logs and pipelines.
Approval + Isolation
Step-up approvals and separate high-risk unlock factors for seed/SSH/PGP/Nostr retrieval paths.
Audit, Posture, Recovery
Chained audit logs, posture checks/remediation, Shamir split-drills, and deterministic export validation.
# Architecture_Overview
// The BIP-85 standard derives multiple child seeds from a single master seed.
> Recovery via Nostr
Restoring a vault on a new device requires the 12-word master seed and the master password. Without the correct password the downloaded archive is unreadable.
> Security Disclaimer
[WARNING] Memory management & logs not formally audited. Loss of parent seed places all derived passwords at risk.