restoring from chat history

2025-05-29 08:22:43 -07:00
parent ee49ace397
commit 8c08c2e748
6 changed files with 1991 additions and 43 deletions


@@ -22,7 +22,7 @@ Build from source:
```bash
git clone <repository>
cd secret
go build -o secret ./cmd/secret
make build
```
## Quick Start
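Review bot: replacing `go build -o secret ./cmd/secret` with `make build` makes the documented build depend on a Makefile with a `build` target, and this hunk does not show one being added; confirm the Makefile is part of the same commit, otherwise a reader following "Build from source" gets `No rule to make target` on a fresh clone. Keeping the raw `go build` line as a fallback would also help anyone building without `make`.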
@@ -107,7 +107,6 @@ Creates a new unlock key of the specified type:
**Types:**
- `passphrase`: Traditional passphrase-protected unlock key
- `keychain`: macOS Keychain-protected unlock key (macOS only)
- `pgp`: Uses an existing GPG key for encryption/decryption
**Options:**
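Review bot: the `keychain` entry is dropped from the Types list, but the `**Options:**` block that follows is outside this hunk's context and is not shown being updated; check that no option there (and no error message the CLI prints for an unknown type) still names `keychain`, so the docs and the tool agree on which types `secret keys add` accepts.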
@@ -145,7 +144,6 @@ Decrypts data using an Age key stored as a secret.
│ ├── default/
│ │ ├── unlock-keys.d/
│ │ │ ├── passphrase/ # Passphrase unlock key
│ │ │ ├── keychain/ # Keychain unlock key (macOS)
│ │ │ └── pgp/ # PGP unlock key
│ │ ├── secrets.d/
│ │ │ ├── api%key/ # Secret: api/key
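Review bot: removing `unlock-keys.d/keychain/` from the layout diagram leaves a gap for vaults created before this change, which may still contain that directory on disk; the README should say whether such a directory is ignored, rejected, or needs to be removed by hand, since a stale unlock key that is silently ignored and one that still grants access are very different outcomes for a user auditing their vault.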
@@ -174,12 +172,7 @@ Unlock keys provide different authentication methods to access the long-term key
- Stored as encrypted Age keys
- Cross-platform compatible
2. **Keychain Keys** (macOS only):
- Uses macOS Keychain for secure storage
- Provides seamless authentication on macOS systems
- Age private key encrypted with random passphrase stored in Keychain
3. **PGP Keys**:
2. **PGP Keys**:
- Uses existing GPG key infrastructure
- Leverages existing key management workflows
- Strong authentication through GPG
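Review bot: the renumbering of the PGP item from 3 to 2 is correct after the Keychain item is removed; as a style point, the first two bullets under it ("Uses existing GPG key infrastructure" and "Leverages existing key management workflows") say the same thing and could be merged, leaving room for a bullet on what happens when the GPG key is unavailable.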
@@ -214,9 +207,8 @@ Each vault maintains its own set of unlock keys and one long-term key. The long-
- Per-secret encryption keys limit exposure if compromised
- Long-term keys protected by multiple unlock key layers
### Platform Integration
- macOS Keychain integration for seamless authentication
- GPG integration for existing key management workflows
### Hardware Integration
- Hardware token support via PGP/GPG integration
## Examples
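Review bot: the new "Hardware Integration" heading promises more than the single bullet under it delivers; since the only mechanism listed is "Hardware token support via PGP/GPG integration", state plainly that hardware backing comes from the GPG key itself living on a token (the tool never talks to hardware directly), and that a PGP unlock key backed by a plain on-disk GPG key is not hardware-backed. Without that caveat a reader may assume the `pgp` type alone gives them the protection the heading implies.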
@@ -260,7 +252,6 @@ secret vault list
```bash
# Add multiple unlock methods
secret keys add passphrase # Password-based
secret keys add keychain # macOS Keychain (macOS only)
secret keys add pgp --keyid ABCD1234 # GPG key
# List unlock keys
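Review bot: the surviving example `secret keys add pgp --keyid ABCD1234` uses an 8-character short key ID; since short key IDs are not unique and can be made to collide, the README should show a full fingerprint (or at least a long key ID) in the example so users do not bind their vault to an ambiguous identifier. A one-line comment that `--keyid` accepts a full fingerprint would suffice if the flag already does.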
@@ -305,11 +296,11 @@ secret decrypt encryption/mykey --input document.txt.age --output document.txt
### Threat Model
- Protects against unauthorized access to secret values
- Provides defense against compromise of individual components
- Supports platform-specific authentication where available
- Supports hardware-backed authentication where available
### Best Practices
1. Use strong, unique passphrases for unlock keys
2. Enable platform-specific authentication (Keychain) when available
2. Enable hardware authentication (Keychain, hardware tokens) when available
3. Regularly audit unlock keys and remove unused ones
4. Keep mnemonic phrases securely backed up offline
5. Use separate vaults for different security contexts
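Review bot: the replacement best-practice line "Enable hardware authentication (Keychain, hardware tokens) when available" still names Keychain, which every other hunk in this commit removes, and macOS Keychain is not hardware authentication in any case; drop "Keychain" here so the list matches the remaining `passphrase` and `pgp` types. The same goes for the Threat Model bullet above it: "hardware-backed authentication" is only available through a GPG key on a token, and saying so keeps the threat model honest about what the software itself guarantees.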
@@ -317,15 +308,15 @@ secret decrypt encryption/mykey --input document.txt.age --output document.txt
### Limitations
- Requires access to unlock keys for secret retrieval
- Mnemonic phrases must be securely stored and backed up
- Platform-specific features limited to supported platforms
- Hardware features limited to supported platforms
## Development
### Building
```bash
go build -o secret ./cmd/secret # Build binary
go test ./... # Run tests
go vet ./... # Run static analysis
make build # Build binary
make test # Run tests
make lint # Run linter
```
### Testing
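Review bot: `make lint` replaces `go vet ./...`, so confirm the `lint` target still runs `go vet` (or a linter that subsumes it) rather than dropping static analysis from the documented workflow; the following Testing section, visible in the next hunk's context, still instructs `go test ./...` directly, so either it should move to `make test` as well or this hunk should note that the Makefile targets are wrappers around those commands.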
@@ -337,7 +328,7 @@ go test ./... # Unit tests
## Features
- **Multiple Authentication Methods**: Supports passphrase-based, keychain-based (macOS), and PGP-based unlock keys
- **Multiple Authentication Methods**: Supports passphrase-based and PGP-based unlock keys
- **Vault Isolation**: Complete separation between different vaults
- **Per-Secret Encryption**: Each secret has its own encryption key
- **BIP39 Mnemonic Support**: Keyless operation using mnemonic phrases
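Review bot: the Features bullet now lists only passphrase-based and PGP-based unlock keys, which matches the rest of the commit; the adjacent "BIP39 Mnemonic Support: Keyless operation using mnemonic phrases" bullet reads as a third way in, so a short clause on whether the mnemonic is a recovery path for the long-term key or an everyday unlock method would keep this list consistent with the Unlock Keys section.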