An offline, zero-knowledge, terminal-native password manager.
Project description
Nyxora is an offline password manager that runs entirely in your terminal. Your vault is stored on your machine, encrypted with military-grade cryptography — nothing ever leaves it. No accounts. No cloud. No subscriptions.
Preview
nyx tui — interactive vault browser with live TOTP codes, strength ratings, and instant search
Install
Recommended — works on Windows and Linux:
pipx install nyxora
Standard pip:
pip install nyxora
Windows — no Python required:
Download nyx.exe from the latest release
and run it from any terminal.
Quick Start
# 1. Create your vault (one time only)
nyx vault init
# 2. Unlock it
nyx vault unlock
# 3. Add a password
nyx secret add -t "GitHub" -u "your-username" --generate
# 4. Open the interactive browser
nyx tui
That's it. Your vault is encrypted and stored locally at ~/.nyxora/vault.nyx.
What can Nyxora do?
| 🔒 Store secrets | Passwords, usernames, URLs, notes, custom fields — all encrypted |
| 🖥️ Interactive TUI | Visual vault browser with search, TOTP codes, and strength ratings |
| 🛡️ Security audit | Scan for weak, reused, or breached passwords (via HaveIBeenPwned) |
| 📋 Clipboard | Copy passwords to clipboard — auto-clears after 30 seconds |
| 🔑 Generator | Passwords, passphrases, API keys, SSH keys with entropy analysis |
| 🔐 TOTP support | Store 2FA secrets per entry — live codes shown in the TUI and CLI |
| 📦 Import | Bring in passwords from Bitwarden, 1Password, or any CSV export |
| 🔌 Scripting | Pipe credentials into scripts without exposing them in shell history |
| 🐍 Python SDK | from nyxora import VaultClient — programmatic vault access |
| 💾 Backups | Create, verify, and restore encrypted vault backups |
| 🚨 Emergency access | Recovery capsules and Shamir secret sharing for catastrophic scenarios |
Commands
Vault
nyx vault init # create a new vault
nyx vault unlock # unlock your vault
nyx vault lock # lock and wipe session
nyx vault status # show vault status
nyx vault change-password # change master password
nyx vault panic # emergency wipe — destroys session immediately
nyx vault profiles # manage multiple vaults
Secrets
nyx secret add # add a new entry
nyx secret list # list all entries
nyx secret get "GitHub" # get an entry by title
nyx secret get "GitHub" --copy # copy password to clipboard
nyx secret update "GitHub" # update an entry
nyx secret delete "GitHub" # delete an entry
nyx secret totp "GitHub" # show live TOTP code
nyx secret clone "GitHub" # duplicate an entry
nyx secret search "git" # search by title, username, or URL
Generate
nyx generate password # random password
nyx generate password --length 32 # custom length
nyx generate password --min-strength strong # enforce strength
nyx generate passphrase --words 6 # diceware passphrase
nyx generate api-key --prefix NYX # API key with prefix
nyx generate entropy "hunter2" # analyse any password
Security
nyx security audit # full vault audit
nyx security audit --no-hibp # skip breach check
nyx security health # vault health score (0–100)
nyx security due # passwords overdue for rotation
nyx security log # audit event history
nyx security forensic # full integrity verification
Scripting
# Pipe a password to a command's stdin
nyx script pipe "GitHub" -- some-command
# Inject credentials as environment variables
nyx script run "AWS" -- aws s3 ls
# Fuzzy-find entries (requires fzf)
nyx script fzf --copy
# Machine-readable output
nyx --json secret list
nyx --json vault status
Other
nyx backup create / list / verify / restore # vault backups
nyx locker encrypt <file> # encrypt any file
nyx recovery status # check recovery setup
nyx update check / install / rollback # manage updates
nyx tui # interactive browser
Security
Nyxora is designed to keep your passwords secure even if your machine is compromised:
- Argon2id key derivation — memory-hard, resistant to brute force
- XChaCha20-Poly1305 encryption — authenticated, tamper-evident
- Per-entry HMAC integrity checks — detects any modification
- Memory locking — prevents keys from being swapped to disk
- Zero plaintext on disk — every field is encrypted before storage
- Offline by default — no network access except optional HIBP breach checks
Read SECURITY.md for the full security policy and responsible disclosure process.
Python SDK
from nyxora import VaultClient
with VaultClient(vault_path="~/.nyxora/vault.nyx",
password="your-master-password") as client:
entry = client.get("GitHub")
print(entry.password)
totp_code = client.get_totp("GitHub")
score = client.health()
print(f"Vault health: {score.grade} ({score.total}/100)")
Requirements
- Python 3.12 or later (not needed for Windows
.exe) - Windows 10+ or Linux
- macOS — works but not officially tested
Contributing
Pull requests are welcome. See CONTRIBUTING.md for guidelines.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nyxora-3.0.1.tar.gz.
File metadata
- Download URL: nyxora-3.0.1.tar.gz
- Upload date:
- Size: 5.5 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0de6664fd965e7d2a81b80d872dd3287eead15b8b6a297a3abe88693b04074f1
|
|
| MD5 |
2c0d7a67b6ffb54d038791c57280d5bc
|
|
| BLAKE2b-256 |
a0e52c153b9751a75def35c2a920f6b5068450801a1bffc52dbb1b9a2589f141
|
Provenance
The following attestation bundles were made for nyxora-3.0.1.tar.gz:
Publisher:
publish.yml on scorpiocodex/Nyxora
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nyxora-3.0.1.tar.gz -
Subject digest:
0de6664fd965e7d2a81b80d872dd3287eead15b8b6a297a3abe88693b04074f1 - Sigstore transparency entry: 1861801751
- Sigstore integration time:
-
Permalink:
scorpiocodex/Nyxora@af2828d9df18bf3c4a10c20b70aec8372f6b4389 -
Branch / Tag:
refs/tags/v3.0.1 - Owner: https://github.com/scorpiocodex
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@af2828d9df18bf3c4a10c20b70aec8372f6b4389 -
Trigger Event:
release
-
Statement type:
File details
Details for the file nyxora-3.0.1-py3-none-any.whl.
File metadata
- Download URL: nyxora-3.0.1-py3-none-any.whl
- Upload date:
- Size: 161.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5a02024e5de99649fc34ff7344af10f4c81ce546ff61924636d3792f3269cd41
|
|
| MD5 |
dee9918b83938e269d3da7686757045a
|
|
| BLAKE2b-256 |
3bca851f01b9eca12962467b2442e07481b1324374ac787f1bc2f62b6b1accb8
|
Provenance
The following attestation bundles were made for nyxora-3.0.1-py3-none-any.whl:
Publisher:
publish.yml on scorpiocodex/Nyxora
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nyxora-3.0.1-py3-none-any.whl -
Subject digest:
5a02024e5de99649fc34ff7344af10f4c81ce546ff61924636d3792f3269cd41 - Sigstore transparency entry: 1861801990
- Sigstore integration time:
-
Permalink:
scorpiocodex/Nyxora@af2828d9df18bf3c4a10c20b70aec8372f6b4389 -
Branch / Tag:
refs/tags/v3.0.1 - Owner: https://github.com/scorpiocodex
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@af2828d9df18bf3c4a10c20b70aec8372f6b4389 -
Trigger Event:
release
-
Statement type: