Rook provides a secret service a-la secret-tool, keyring, or pass/gopass, except backed by a Keepass kdbx file.

The problem Rook solves is mainly in script automation, where you have aerc, offlineimap, isync, vdirsyncer, msmtp, restic, or any other cron jobs that need passwords and which are often configured to fetch these passwords from a secret service with a CLI tool. Unlike existing solutions, Rook is headless, and does not have a bespoke secrets database full of passwords that must be manually synchronized with Keepass; instead, it uses a Keepass db directly.

Rook is in the AUR and in Alpine testing; binaries are available from the project page.

From the changelog, since the last Lemmy release announcement v0.1.3 on May 20:

[v0.2.0] Fri Oct 11 09:01:03 2024 -0500

Added

  • support for password + key file credentials
  • show --no-eol option, to strip CRs after, eg, passwords

Changed

  • show matches search: it’s now case insensitive

Fixed

  • successful OPEN with password wasn’t clearing the one-time pin, so the DB was staying locked.