[ghostfoxgod]

Wow, it's fun reading the innovative ways people are solving for this, thanks for sharing your approach. If you don't mind me asking, can you share some more details about this CLI utility? Does it use some existing solutions like GPG or something similar for the tasks you mentioned?

[jqpabc123]

The CLI is pretty simple, it accepts "key:filename" and performs these steps:

    Open file and search backwards from end looking for marker bytes.

    If found, save the file date/time then extract the data and decrypt using AES. 

    If the decrypted data passes a checksum test, place the data in a temporary file and load the file into a text editor.

    Wait for the test editor to exit. If the file has been changed, retrieve the data from disk, re-encrypt, place it back in it's hiding spot and restore the carrier file's original data/time.

    Lastly, overwrite the temporary file with random data before finally deleting and exit.

By the way, my little CLI can also perform TOTP generation. It will search for a section in the text delimited by "<--- 2FA Start" and "2FA End --->" for a list of "tag:=Base32 key string". To generate a TOTP code and place it into the clipboard, just give it "key:filename,tag".