Developer Fran314 released secs-man, a Rust‑based CLI that backs up, restores, and verifies encrypted secrets. The tool relies on the age encryption format and standard Unix utilities like coreutils, deliberately avoiding any proprietary lock‑in. By storing backups as timestamped snapshots, users can recover data with only a shell, age, and a few minutes of manual work for developers.

secs-man targets environments where cloud storage is undesirable, offering local‑only protection for keys, configuration files, and other sensitive material. Integration with NixOS lets users install the binary via flakes or include it in system and home manager configurations, while non‑Nix users can fetch the repository with cargo install. A separate secs-man‑ssh script handles remote hosts without transmitting the passphrase during deployment.

Backups include a SHA‑256 hash file for integrity checking; secs-man automatically verifies each export and provides a verify‑export command for older snapshots. The manifest format lists relative paths, owners, and modes, enabling precise permission restoration. Because decryption depends only on age and coreutils, the archive remains readable even if secs‑man vanishes, fulfilling the author’s goal of tool‑independent longevity in practice today.