.png)
10 hours ago
2
A local-first, encrypted secrets manager for development. dev-vault helps developers securely manage sensitive credentials like API keys and database passwords on a per-project basis, preventing accidental exposure and simplifying team collaboration.
- Local-First: Secrets are stored locally in an encrypted vault file.
- Encrypted: All secrets are encrypted at rest using strong cryptography.
- Git-Friendly: The encrypted vault file (secrets.vault) is safe to commit to version control. The decryption key (.dev-vault.key) is automatically added to .gitignore.
- Language Agnostic: Works by injecting secrets as environment variables, making it compatible with any programming language or framework.
- CLI-Based: Easy-to-use command-line interface for managing secrets.
To install dev-vault, clone the repository and install it using pip:
Important: After installation, you might need to add the dev-vault executable to your system's PATH. The executable is typically located in $HOME/Library/Python/X.Y/bin/dev-vault on macOS (where X.Y is your Python version, e.g., 3.9). You can add it to your .bash_profile or .zshrc:
Alternatively, you can create an alias:
Initializes a new vault in the current directory. This creates two files:
- secrets.vault: The encrypted vault file (safe to commit).
- .dev-vault.key: The decryption key (automatically added to .gitignore - DO NOT COMMIT!).
Sets a secret in the vault. If the key already exists, its value will be updated.
Retrieves and prints the decrypted value of a secret.
Lists all secret keys stored in the vault.
Removes a secret from the vault.
Executes a command with all decrypted secrets loaded as environment variables. This is the primary way to run your applications with dev-vault.
We welcome contributions! Please see the CONTRIBUTING.md file for guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
