Safe, team-friendly dotfile synchronization in Rust.
ConfigSync manages your local configuration files as code, with git-backed history, role-aware syncing, encrypted secrets, and safety-focused recovery commands.
- Track config changes with commit history and rollback support.
- Sync shared dotfiles across machines without manually managing symlinks.
- Keep sensitive files encrypted in-repo and decrypted locally only.
- Apply machine roles (for example
work,personal) to include/exclude files safely.
- Git-based sync:
init,push,pull,history,undo - Local apply engine:
applyto restore links/files from tracked state - Role-aware file targeting via
--role - Encrypted secrets with
ageviasecrets initandsecrets add - Health diagnostics with
doctor - Optional watch mode with
watch
Download the latest binary from the Releases page.
cargo install configsyncgit clone https://github.com/kowshik24/configsync.git
cd configsync
cargo install --path .configsync init --role workClone existing shared config repo instead:
configsync init --url https://github.com/<you>/<dotfiles>.git --role personalconfigsync add ~/.zshrc
configsync add ~/.npmrc --role workconfigsync push
configsync pull
configsync apply| Command | Purpose |
|---|---|
configsync init [--url <repo>] [--role <role> ...] |
Initialize local ConfigSync repository metadata |
configsync add <path> [--role <role> ...] |
Track a file or directory and replace destination with symlink |
configsync push |
Commit local repo changes and push to remote (if configured) |
configsync pull |
Pull remote changes (if configured), then apply locally |
configsync apply |
Re-apply tracked state to local filesystem |
configsync history |
Show recent commit history |
configsync undo [<commit>] |
Revert a commit (safeguards prevent undoing root commit) |
configsync doctor |
Validate repository, file links, and secret key state |
configsync watch |
Start watch mode for automatic sync workflows |
configsync secrets init |
Generate local secret key |
configsync secrets add <path> |
Encrypt and track a secret file |
- Secret files are stored encrypted in the repo (
.age). - Private key is stored locally (default path under
~/.local/share/configsync/key.txt). - Back up your key securely. Without it, encrypted files cannot be decrypted.
- On Unix, restored secret file permissions are tightened (
600).
- If no
originremote exists,push/pullkeep local behavior and print guidance. applyskips paths that are already correctly linked.undointentionally blocks reverting the initial repository commit to avoid teardown of baseline setup files.
Run:
configsync initConfigure remote:
git -C ~/.config/configsync remote add origin <your-repo-url>- Ensure key file exists on current machine.
- Re-run
configsync secrets initonly for new local key generation. - Restore the original key backup if you need to decrypt older encrypted files.
configsync doctor- First-install reliability improvements (
initinitial commit, saferhistory/undobehavior) - Added explicit
applycommand - Better commit signature handling when git identity is missing
- Added Rust CLI integration tests for critical flows
- Improved apply UX (
Already linked. Skipping.for correct existing symlinks) - Improved sync warnings and branch fallback handling in pull flows
Contributions are welcome. Please open an issue or submit a pull request.
MIT. See LICENSE.