Puffy's Encrypted Container Manager - A tool for simplifying secure virtual devices in OpenBSD
updated license
Moved logo into repo and updated README
Fix README and comments


browse  log 



You can also use your local clone with git send-email.



I use the ctmg tool written by Jason Donenfeld (aka zx2c4) on my Linux machines. I wanted a tool like ctmg for OpenBSD. This tool requires that you have doas configured.

#doas configuration

# if you haven't already, add a line like this to /etc/doas.conf
permit persist BobBoblaw

# allow user bob to execute superuser commands


Simply run:

doas make install

# to uninstall
doas make uninstall

There are no dependencies, but this tool only works for OpenBSD.


pecm new 1000 MB
pecm open container.ct # (pecm expects your container to have the .ct extension at runtime)
pecm list
pecm close container

#Differences from ctmg

  • Does not create sparse containers
  • Does not include the 'delete' flag (I'll let you type rm)
  • Currently spaces in container names are not supported (working on refactoring)


With the generic kernel you can only have 4 virtual devices open at once. You have to compile a custom kernel to change this value. See the man page for vnd for more info.

#License / Disclaimer

This project is licensed under the 3-clause BSD license. (See LICENSE.md)

I take no responsibility for you blowing stuff up.

Artwork courtesy of freepik (CC 3.0 BY)