diff --git a/bin/idmgr b/bin/idmgr index a3888f7..cdf7fa2 100755 --- a/bin/idmgr +++ b/bin/idmgr @@ -43,10 +43,11 @@ idm_init () export EDITOR=${EDITOR:-vim} # App variables - IDM_CONFIG_DIR=${XDG_CONFIG_HOME:-~/.config}/idmgr + IDM_CONFIG_DIR=${IDM_CONFIG_DIR:-${XDG_CONFIG_HOME:-~/.config}/idmgr} IDM_DIR_ID=${IDM_DIR_ID:-$IDM_CONFIG_DIR/id} IDM_DIR_LIB=${IDM_DIR_LIB:-$IDM_DIR_ROOT/lib} + IDM_DIR_CACHE=${IDM_DIR_CACHE:-${XDG_CACHE_HOME:-~/.cache}/idmgr} # Create directories mkdir -p $IDM_CONFIG_DIR $IDM_DIR_ID 
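Review bot: IDM_CONFIG_DIR can now come from the environment, but the `mkdir -p $IDM_CONFIG_DIR $IDM_DIR_ID` that follows still expands it unquoted and under the default umask. A path containing spaces or glob characters would create the wrong directories, and the identity store may end up readable by other local users. I would change the line to `mkdir -p -- "$IDM_CONFIG_DIR" "$IDM_DIR_ID" "$IDM_DIR_CACHE"` followed by `chmod 700 -- "$IDM_CONFIG_DIR"`. The new IDM_DIR_CACHE is not created in the visible lines; idm_init continues past the hunk, so it may be handled there.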
@@ -255,13 +256,74 @@ idm_exit_trap () idm_log DEBUG "Exit trap" } -idem_reverse_doted_list () +idm_reverse_doted_list () { local list=$1 awk 'BEGIN{FS=OFS=":"} {s=$NF; for (i=NF-1; i>=1; i--) s = s OFS $i; print s}' <<<"$list" } +idm_parse_filerules () +{ + local id=$1 + local f=$2 + #set -x + + local YADM_ENCRYPT="$2" + + ENCRYPT_INCLUDE_FILES=() + ENCRYPT_EXCLUDE_FILES=() + + #cd_work "Parsing encrypt" || return + cd ~ + + exclude_pattern="^!(.+)" + if [ -f "$YADM_ENCRYPT" ] ; then + #; parse both included/excluded + while IFS='' read -r line || [ -n "$line" ]; do + if [[ ! $line =~ ^# && ! $line =~ ^[[:space:]]*$ ]] ; then + local IFS=$'\n' + for pattern in $line; do + if [[ "$pattern" =~ $exclude_pattern ]]; then + for ex_file in ${BASH_REMATCH[1]}; do + for f in $( find $ex_file -type f ); do + #if [ -e "$ex_file" ]; then + ENCRYPT_EXCLUDE_FILES+=("$f") + #fi + done + done + else + for in_file in $pattern; do + for f in $( find $in_file -type f ); do + #if [ -e "$in_file" ]; then + ENCRYPT_INCLUDE_FILES+=("$f") + #fi + done + done + fi + done + fi + done < "$YADM_ENCRYPT" + + #; remove excludes from the includes + #(SC2068 is disabled because in this case, we desire globbing) + FINAL_INCLUDE=() + #shellcheck disable=SC2068 + for included in "${ENCRYPT_INCLUDE_FILES[@]}"; do + skip= + #shellcheck disable=SC2068 + for ex_file in ${ENCRYPT_EXCLUDE_FILES[@]}; do + [ "$included" == "$ex_file" ] && { skip=1; break; } + done + [ -n "$skip" ] || FINAL_INCLUDE+=("$included") + done + ENCRYPT_INCLUDE_FILES=("${FINAL_INCLUDE[@]}") + + echo "${ENCRYPT_INCLUDE_FILES[@]}" + fi + +} + ## IDM Internal ########################################## @@ -381,7 +443,7 @@ idm_core_disable () idm_is_enabled $id # Reverse module unloading - IDM_MOD_ORDER="$( idem_reverse_doted_list $IDM_MOD_ORDER )" + IDM_MOD_ORDER="$( idm_reverse_doted_list $IDM_MOD_ORDER )" # Loop over disable functions ( 
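Review bot: The file list in the new idm_parse_filerules is collected with `for f in $( find $in_file -type f )` and returned with `echo "${ENCRYPT_INCLUDE_FILES[@]}"`, so find's output is split on newlines and glob-expanded a second time, and the result is joined with single spaces that the caller cannot tell apart from spaces inside a name. If this list decides which files get protected, as the variable names suggest, a mangled entry means a file is silently left out. Read the results NUL-delimited in both branches, `while IFS= read -r -d '' f; do ENCRYPT_INCLUDE_FILES+=("$f"); done < <( find "$in_file" -type f -print0 )`, and emit one entry per line with `printf '%s\n' "${ENCRYPT_INCLUDE_FILES[@]}"`. The unchecked `cd ~` also moves the caller's working directory, and the arrays and loop variables are global; `cd ~ || return 1` plus `local` declarations (or running the body in a subshell) would contain both.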
@@ -408,7 +470,7 @@ idm_core_kill () idm_is_enabled $id # Reverse module killing - IDM_MOD_ORDER="$( idem_reverse_doted_list $IDM_MOD_ORDER )" + IDM_MOD_ORDER="$( idm_reverse_doted_list $IDM_MOD_ORDER )" # Kill all modules ( @@ -620,3 +682,5 @@ idm_menu_main $@ # echo "export NPM_CONFIG_USERCONFIG=~/.config/npmrc" # echo "export VAGRANT_HOME=${XDG_OPT_HOME}/vagrant" # echo "export GOPATH=${XDG_OPT_HOME}/go" + + diff --git a/lib/idmgr_mod_tomb.sh b/lib/idmgr_mod_tomb.sh new file mode 100644 index 0000000..77e904d --- /dev/null +++ b/lib/idmgr_mod_tomb.sh 
@@ -0,0 +1,259 @@ +#!/bin/bash + +IDM_MOD_DEPS="ssh" + +## Identity functions +########################################## + + +idm_tomb_help () +{ + + echo "tomb" + printf " %-20s: %s\n" "tomb ls" "List all tombable files" + printf " %-20s: %s\n" "tomb diff" "Show diff between tomb en \$HOME" + printf " %-20s: %s\n" "tomb show" "Show the list of tombed files" + printf " %-20s: %s\n" "tomb encrypt" "Save the current configuration" + printf " %-20s: %s\n" "tomb decrypt" "Restore a tomb" + + # printf " %-20s: %s\n" "tomb sync " "Synchronise with remote repo (how ???)" +} + +idm_tomb () +{ + + # Argument maangement + if [ "$#" -eq 1 ]; then + local id=$1 + idm_ssh_ls $id + return 0 + else + local action=$1 + local id=${2-} + shift 2 || true + local opt=${@-} + fi + + idm_log INFO "Forward to yadm: yadm ${action} $opt" + yadm ${action} $opt || + idm_log ERR "Tomb fail" + +} + +idm_tomb_encrypt () +{ + local id=${1} + idm_validate id $id + export YADM_WORK=$HOME + export YADM_DIR=$IDM_CONFIG_DIR/git/$id + #set -x + + #yadm archive --prefix=2014-10-21/ --format=zip HEAD | head + + if [[ ! -f $IDM_CONFIG_DIR/$id.db ]]; then + idm_log INFO "New bundle creation ..." + yadm bundle create - HEAD > $IDM_CONFIG_DIR/$id.db + else + + name=${HOSTNAME:-ERROR} + yadm remote add $name $IDM_CONFIG_DIR/$id.db 2>/dev/null || true + yadm push -u $name --all 2>/dev/null || true + yadm push -u $name --tags 2>/dev/null || true + fi + + idm_log INFO "NON encrypted git bundle created $IDM_CONFIG_DIR/$id.db" +} +idm_tomb_decrypt () +{ + local id=${1} + idm_validate id $id + export YADM_WORK=$HOME + export YADM_DIR=$IDM_CONFIG_DIR/git/$id + + if [[ ! -f $IDM_CONFIG_DIR/$id.db ]]; then + idm_exit 1 ERR "You don't have tomb yet ... 
" + fi + + git clone --bare $IDM_CONFIG_DIR/$id.db -b master $YADM_DIR + + + name=${HOSTNAME:-ERROR} + yadm remote add $name $IDM_CONFIG_DIR/$id.db 2>/dev/null || true + yadm fetch -u $name --all 2>/dev/null || true + yadm fetch -u $name --tags 2>/dev/null || true + + idm_log INFO "Secret repo deployed ini: $IDM_CONFIG_DIR/$id.db" +} + + +idm_tomb_add () +{ + local id=${1} + idm_validate id $id + export YADM_WORK=$HOME + export YADM_DIR=$IDM_CONFIG_DIR/git/$id + + # ajoute une liste de fichier: git add + + file=$YADM_DIR/gitignore + result=$( idm_tomb__gen_ignore $id ) + + for file in $result; do + idm_log DEBUG "YOOO: $file" + yadm add -f $file + done + +} + +idm_tomb_init () +{ + local id=${1} + idm_validate id $id + + export YADM_WORK=$HOME + export YADM_DIR=$IDM_CONFIG_DIR/git/$id + + yadm init || true + # idm_tomb__gen_ignore $id | sed -e '/^[^$]/ s/^/!/' > $IDM_CONFIG_DIR/git/$id/gitignore + idm_tomb__gen_gitconfig $id > $IDM_CONFIG_DIR/git/$id/gitconfig + idm_tomb__gen_config $id > $IDM_CONFIG_DIR/git/$id/config + idm_tomb_add $id + +} + + + +idm_tomb_ls () +{ + export YADM_WORK=$HOME + export YADM_DIR=$IDM_CONFIG_DIR/git/$id + + yadm list -a + +} + + +## Sourced functions +############################## + +idm_tomb_disable() +{ + # Disable internal variables + echo "unset YADM_WORK YADM_DIR" | idm_log CODE - +} + +idm_tomb_kill () { idm_tomb_disable ${@-}; } + +idm_tomb_enable() +{ + local id=${1} + idm_validate id $id + + echo "export YADM_WORK='$HOME'" + echo "export YADM_DIR='$IDM_CONFIG_DIR/git/$id'" + +} + + +## Other functions +############################## + +idm_tomb__gen_ignore () +{ + local id=${1} + idm_validate id $id + + find_args="-maxdepth 2 -type f " + conf=$( cat </dev/null ) +$( find $HOME/.ssh/known_hosts.d/ $find_args -name "${id}*" 2>/dev/null ) +$( find $GNUPGHOME/private-keys-v1.d/ $find_args 2>/dev/null ) +$( find $PASSWORD_STORE_DIR/ $find_args 2>/dev/null ) +$( find $IDM_DIR_ID/ $find_args -name "$id*" 2>/dev/null ) +EOF +) + sed 
-E -e "s@$HOME/?@@g" <<<"$conf" + +} + +idm_tomb__gen_gitconfig () +{ + local id=${1} + idm_validate id $id + + ( + cat < $YADM_DIR/tomb +# +# } +# +# +# idm_tomb_show () +# { +# local id=${1} +# +# # Local checks +# idm_validate id_config $id || idm_exit 1 ERR "Configuration '$id' does not exists" +# +# export YADM_WORK=$HOME +# export YADM_DIR=$IDM_CONFIG_DIR/git/$id +# +# yadm list -a +# } +# +# +# idm_tomb_ls () +# { +# local id=${1} +# +# # Local checks +# idm_validate id_config $id || idm_exit 1 ERR "Configuration '$id' does not exists" +# +# export YADM_WORK=$HOME +# export YADM_DIR=$IDM_CONFIG_DIR/git/$id +# +# yadm status -s +# } +# +#
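Review bot: idm_tomb_encrypt writes a plain git bundle to `$IDM_CONFIG_DIR/$id.db` (its own log line says "NON encrypted"), while idm_tomb__gen_ignore feeds entries from `$GNUPGHOME/private-keys-v1.d/`, `$PASSWORD_STORE_DIR/` and `$IDM_DIR_ID/` into `yadm add -f`, so private key material lands in a file created under the default umask behind a command named "encrypt". Until real encryption is wired in, create the bundle with `( umask 077; yadm bundle create - HEAD > "$IDM_CONFIG_DIR/$id.db" )` and make the help text say the bundle is unencrypted. The `yadm push ... 2>/dev/null || true` lines hide failures, so the final INFO message is logged even when nothing was saved; log the error and return non-zero instead. idm_tomb_ls builds YADM_DIR from `$id` without the `local id=${1}` and `idm_validate id $id` that the other functions use, so it relies on whatever `id` the caller left in scope.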