Adds a new foks provider for the FOKS end-to-end encrypted KV store, and fixes a long-standing panic when piping fnox get into a process that closes the pipe early.
Added
foks provider for the Federated Open Key Service (#486) -- @maxtaco
A new provider that stores secrets in a FOKS end-to-end encrypted KV store via the foks CLI. Supports both personal and team-scoped configurations:
[providers]
foks = { type = "foks", prefix = "fnox/" } # personal
ops = { type = "foks", prefix = "fnox/", team = "ops" } # team-shared
[secrets]
DATABASE_URL = { provider = "ops", value = "DATABASE_URL" }Configurable fields:
prefix— path namespace within the FOKS KV storeteam— FOKS team to scope to (passed through as--team)home— custom FOKS home dir (passed as--home); falls back toFNOX_FOKS_HOME/FOKS_HOMEhost,bot_token— non-interactive auth for CI
When bot_token and host are configured (or FOKS_BOT_TOKEN / FOKS_HOST are set in env), the provider transparently runs foks bot use --host <host> on the first auth failure and retries the operation, so CI just needs:
env:
FOKS_BOT_TOKEN: ${{ secrets.FOKS_BOT_TOKEN }}
steps:
- run: brew install foks
- run: foks ctl start
- run: fnox exec -- ./deploy.shThe auto-login fires at most once per provider instance (mutex-guarded), so concurrent secret fetches don't dogpile and bad tokens surface as a clear ProviderAuthFailed. Scaffold a config block with fnox provider add foks foks. See the FOKS provider docs for the full reference.
Fixed
Exit cleanly on SIGPIPE instead of panicking (#487) -- @maxtaco
fnox get FOO | <reader-that-exits-early> previously panicked because Rust inherits SIG_IGN for SIGPIPE from libc, so writes to a closed pipe returned EPIPE and println! blew up:
Error: × Main thread panicked.
╰─▶ failed printing to stdout: Broken pipe (os error 32)
fnox now resets SIGPIPE to SIG_DFL at startup and dies from the signal like a normal Unix tool. Pipelines such as fnox get TRAILING | cat -A (where BSD cat rejects -A and exits) now produce a clean 141 exit code instead of a Rust panic.
Docs site version label (#483) -- @jdx
After the workspace migration, the VitePress config's regex still looked for version = "..." under [package], but the literal version now lives under [workspace.package]. The docs nav was falling back to v0.0.0; it now reads the real version.
New Contributors
Full Changelog: v1.24.1...v1.25.0
💚 Sponsor fnox
fnox is maintained by @jdx under en.dev — a small independent studio building developer tooling like mise, aube, hk, and more. Keeping fnox secure, maintained, and free is funded by sponsors.
If fnox is handling secrets or config for you or your team, please consider sponsoring at en.dev. Sponsorships are what let fnox stay independent and the project keep moving.