Bichon uses an encryption password to protect sensitive data. You must set it before first use, when no data exists.

Once the password is set, it cannot be changed. Changing it later will make all encrypted data unreadable. To start over, you must reinitialize Bichon and delete all emails and metadata.

Starting from v0.2.0, Bichon supports loading the encryption password from a file using the bichon_encrypt_password_file option (or its corresponding environment variable).

• If bichon_encrypt_password_file is specified, Bichon will:

  • Read the file content
  • Use the file’s content (as-is) as the encryption password

• If bichon_encrypt_password_file is NOT set, Bichon falls back to:

  • bichon-encrypt-password (CLI argument), or
  • BICHON_ENCRYPT_PASSWORD (environment variable)

You can set the password using one of the following methods.

Command-line:

bichon --bichon-encrypt-password-file /path/to/password.txt

Environment variable:

export BICHON_ENCRYPT_PASSWORD_FILE=/path/to/password.txt
bichon

The file should contain only the password string (no extra whitespace or newlines).

bichon --bichon-encrypt-password "your-strong-password"

export BICHON_ENCRYPT_PASSWORD="your-strong-password"
bichon

Tip: Use a strong, securely stored password. Once set, it cannot be changed without wiping all encrypted data.