> ./setup.sh
Enter vault file: ~/google-drive/my_vault_folder/my.vault
Creating folder: /Users/me/google-drive/my_vault_folder/my.vault
Enter password:

Created initial vault contents at /tmp/vault.initial.mtFJNMf0

This is prompting for 2 things:

• vault file: (e.g. ~/google-drive/my_vault_folder/my.vault, can use TAB for autocomplete)
• password: (e.g. P@ssw0rd, doesn't show on screen)

TIP: It's a good idea to use a cloud-synced folder for the encrypted vault storage.

> cd /tmp/vault.initial.mtFJNMf0
> ls -lR 
total 40
-rw-r--r--  1 pi  wheel   984  4 Jun 20:28 __decrypt.sh
-rw-r--r--  1 pi  wheel     9  4 Jun 20:28 __encrypted_filepath.txt
-rw-r--r--  1 pi  wheel     2  4 Jun 20:28 __password.txt
-rwxr-xr-x  1 pi  wheel  1902  4 Jun 20:28 encrypt
drwxr-xr-x  3 pi  wheel    96  4 Jun 20:28 files
-rw-r--r--  1 pi  wheel    53  4 Jun 20:28 init.sh

./files:
total 8
-rw-r--r--  1 pi  wheel  4  4 Jun 20:28 foo.txt

Your vault is in the files/ folder

Note that setup.sh creates /usr/bin/local/decrypt executable, and initial vault at specified filepath.

This file will execute after every time you decrypt. The default is:

> cat init.sh
# Upon decryption, commands here will execute
open .

On macOS, this will open Finder in the decompressed vault folder.
If you are running on another operating system, you probably want to change this.

> cat files/foo.txt
bar
> echo quux >> files/foo.txt
> cat files/foo.txt
bar
quux

> ./encrypt
Encrypted to /Users/me/google-drive/my_vault_folder/my.vault

NOTE: Remember that there will be a copy of decrypt in your /usr/bin/local/ which should be in your path.
For convenience, a copy is also placed alongside the encrypted vault file:

> ls /Users/me/google-drive/my_vault_folder/
decrypt my.vault

> decrypt ~/google-drive/my_vault_folder/my.vault
/Users/me/google-drive/my_vault_folder
my.vault
enter aes-256-cbc decryption password:
Unpacked to: /tmp/vault.SSieXxCW

> cat /tmp/vault.SSieXxCW/files/foo.txt
bar
quux

Rinse and repeat!

TIP: Execute sensitive commands with preceding space, e.g.: decrypt my.vault & they won't get stored in ~/.bash_history (ref.)

This works with OpenSSL 1.1.1b 26 Feb 2019 installed at /usr/local/anaconda3/bin/openssl

This binary is included in OpenSSL-1.1.1b_macOS/ -- if you wish to use this binary, you will have to make sure that your shell finds it BEFORE it finds the system openssh. So examine your $PATH and copy it somewhere appropriate.

This project DOESN'T work with the openssl that ships with macOS (which is LibreSSL)