Install and Verify¶

Install with `install.sh`¶

Install the latest compatible release:

curl -sSL https://paranoid-passwd.com/install.sh | sh

Pin a specific version:

curl -sSL https://paranoid-passwd.com/install.sh | sh -s -- --version paranoid-passwd-v3.5.2

Install into a custom directory:

curl -sSL https://paranoid-passwd.com/install.sh | sh -s -- --install-dir "$HOME/.local/bin"

Verify the Installed Binary¶

paranoid-passwd --version
paranoid-passwd --cli --length 20 --count 2 --no-audit --quiet
paranoid-passwd vault help

Verify the Release Artifact Manually¶

If you download an archive directly from GitHub Releases:

TAG=$(gh release view --repo jbcom/paranoid-passwd --json tagName --jq .tagName)
VERSION="${TAG#paranoid-passwd-v}"
gh release download "$TAG" --repo jbcom/paranoid-passwd \
  -p "paranoid-passwd-${VERSION}-linux-amd64.tar.gz" \
  -p "checksums.txt"
grep "paranoid-passwd-${VERSION}-linux-amd64.tar.gz$" checksums.txt | sha256sum -c -
gh attestation verify "paranoid-passwd-${VERSION}-linux-amd64.tar.gz" --owner jbcom

On macOS, replace sha256sum -c - with shasum -a 256 -c -.

Validate the Installer Surface Locally¶

If you have already built a local release directory:

make release-validate

That replays the same installer, checksum, and package-manifest validation path used by the release workflow.

Install and Verify¶

Install with install.sh¶

Verify the Installed Binary¶

Verify the Release Artifact Manually¶

Validate the Installer Surface Locally¶

Install with `install.sh`¶