diff --git a/src/calanonsync/calanonsync.go b/src/calanonsync/calanonsync.go
index 8527a15..a15cc09 100644
--- a/src/calanonsync/calanonsync.go
+++ b/src/calanonsync/calanonsync.go
@@ -9,12 +9,14 @@ import (
 )
 
 func main() {
-	rootCmd := cobra.Command{
+	rootCmd := &cobra.Command{
 		Use:   "calanonsync",
 		Short: "Synchronize a calendar from EWS to CalDAV by event time and an anonymized title only.",
 		Run:   runSynchronization,
 	}
 
+	rootCmd.AddCommand(InitSettingsCmd())
+
 	if err := rootCmd.Execute(); err != nil {
 		fmt.Println(err)
 		os.Exit(1)
diff --git a/src/calanonsync/settings.go b/src/calanonsync/settings.go
index 319cc6f..4e05816 100644
--- a/src/calanonsync/settings.go
+++ b/src/calanonsync/settings.go
@@ -2,6 +2,8 @@ package main
 
 import (
 	"encoding/json"
+	"fmt"
+	"github.com/spf13/cobra"
 	"golang.org/x/crypto/ssh/terminal"
 	"os"
 	"strings"
@@ -58,3 +60,33 @@ func LoadSettings() Settings {
 
 	return settings
 }
+
+func InitSettingsCmd() *cobra.Command {
+	settingsCmd := &cobra.Command{
+		Use:   "settings",
+		Short: "Manage settings.",
+	}
+
+	encryptCmd := &cobra.Command{
+		Use:   "encrypt",
+		Short: "Encrypt the passwords in the settings file.",
+		Long: `This will encrypt the passwords in the settings file that are
+not empty. It will generate a new "master" password and store that alongside
+the settings file. This is NOT secure, it just helps to prevent
+over-the-shoulder "attacks".`,
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Println("Encrypt")
+		},
+	}
+
+	decryptCmd := &cobra.Command{
+		Use:   "decrypt",
+		Short: "Decrypt a previously encrypted settings file.",
+		Run: func(cmd *cobra.Command, args []string) {
+			fmt.Println("Decrypt")
+		},
+	}
+
+	settingsCmd.AddCommand(encryptCmd, decryptCmd)
+	return settingsCmd
+}