{"id":31768965,"url":"https://github.com/tyom/homebrew-kcm","last_synced_at":"2025-10-10T02:25:12.399Z","repository":{"id":315142182,"uuid":"1058173416","full_name":"tyom/homebrew-kcm","owner":"tyom","description":"Keychain Master - Secret management utility for macOS Keychain","archived":false,"fork":false,"pushed_at":"2025-09-16T22:10:07.000Z","size":13,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-17T00:37:38.156Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tyom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-16T18:10:24.000Z","updated_at":"2025-09-16T22:10:11.000Z","dependencies_parsed_at":"2025-09-17T00:37:39.467Z","dependency_job_id":"19972a83-b574-4a7a-8497-c0a2a67fa2d5","html_url":"https://github.com/tyom/homebrew-kcm","commit_stats":null,"previous_names":["tyom/homebrew-kcm"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/tyom/homebrew-kcm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyom%2Fhomebrew-kcm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyom%2Fhomebrew-kcm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyom%2Fhomebrew-kcm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyom%2Fhomebrew-kcm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tyom","download_url":"https://codeload.github.com/tyom/homebrew-kcm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tyom%2Fhomebrew-kcm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002542,"owners_count":26083399,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-10T02:25:08.756Z","updated_at":"2025-10-10T02:25:12.394Z","avatar_url":"https://github.com/tyom.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# KCM - Keychain Master\n\nA secure command-line utility for managing secrets in macOS Keychain with seamless `.env` file integration.\n\n## Features\n\n- **Secure Storage**: Store sensitive data in macOS Keychain instead of plain text files\n- **Environment Integration**: Seamlessly resolve `keychain://` placeholders in `.env` files\n- **Clipboard Management**: Copy secrets to clipboard with automatic clearing after 45 seconds\n- **Pattern Matching**: List and search secrets using wildcards\n- **Simple CLI**: Intuitive commands for adding, removing, and managing secrets\n- **Zero Dependencies**: Pure bash script using native macOS security tools\n\n## Installation\n\n### Using Homebrew\n\n```bash\n# Add the tap\nbrew tap tyom/kcm\n\n# Install kcm\nbrew install kcm\n```\n\n### Manual Installation\n\n```bash\n# Download the script\ncurl -O https://raw.githubusercontent.com/tyom/homebrew-kcm/main/kcm\n\n# Make it executable\nchmod +x kcm\n\n# Move to your PATH\nsudo mv kcm /usr/local/bin/\n```\n\n## Usage\n\n### Adding Secrets\n\nAdd a secret to the Keychain and get the `.env` entry:\n\n```bash\n# Interactive mode (prompts for value)\nkcm add DATABASE_URL\n\n# From stdin\necho \"secret-value\" | kcm add TOKEN -\ncat ~/secret-file.txt | kcm add AWS_SECRET -\n```\n\nAfter adding, you'll get a `.env` entry like:\n\n```\nDATABASE_URL=\"keychain://DATABASE_URL\"\n```\n\n### Using Secrets in Applications\n\nRun any command with secrets from your `.env` file automatically resolved:\n\n```bash\n# Use default .env file\nkcm use -- npm run dev\n\n# Specify a custom env file\nkcm use --env-file .env.production -- node server.js\n\n# Access resolved variables in scripts\nkcm use -- bash -c 'echo $DATABASE_URL'\n```\n\n### Managing Secrets\n\n```bash\n# Show a secret value\nkcm show DATABASE_URL\n\n# Copy to clipboard (auto-clears after 45 seconds)\nkcm copy API_KEY\n\n# List all accessible secrets\nkcm ls\n\n# List secrets matching a pattern\nkcm ls \"DATABASE*\"\nkcm ls \"*_KEY\"\n\n# Note: Only shows secrets that kcm can access\n# Some app-specific secrets may have access restrictions\n\n# Remove a secret\nkcm remove OLD_API_KEY\n```\n\n## Environment File Format\n\nYour `.env` files can use the special `keychain://` prefix to reference Keychain secrets:\n\n```env\n# .env example\nDATABASE_URL=\"keychain://DATABASE_URL\"\nAPI_KEY=\"keychain://API_KEY\"\nREDIS_URL=\"keychain://REDIS_URL\"\n\n# Regular values work too\nPORT=3000\nNODE_ENV=development\n```\n\nWhen you run `kcm use -- \u003ccommand\u003e`, all `keychain://` references are automatically resolved from the Keychain.\n\n## Security Benefits\n\n1. **No Plain Text Secrets**: Sensitive data never stored in files\n2. **Keychain Protection**: Leverages macOS Keychain's built-in security\n3. **Access Control**: Secrets protected by your macOS user account\n4. **Audit Trail**: Keychain access can be monitored via Console\n5. **Auto-clearing Clipboard**: Copied secrets automatically removed after 45 seconds\n\n## Examples\n\n### Setting Up a New Project\n\n```bash\n# Add your database credentials\nkcm add DATABASE_URL\n\n# Add your API keys\nkcm add STRIPE_KEY\nkcm add SENDGRID_KEY\n\n# Create your .env file\ncat \u003e .env \u003c\u003c EOF\nDATABASE_URL=\"keychain://DATABASE_URL\"\nSTRIPE_KEY=\"keychain://STRIPE_KEY\"\nSENDGRID_KEY=\"keychain://SENDGRID_KEY\"\nPORT=3000\nEOF\n\n# Run your application\nkcm use -- npm run dev\n```\n\n### CI/CD Integration\n\n```bash\n# Store deployment credentials\nkcm add AWS_ACCESS_KEY_ID\nkcm add AWS_SECRET_ACCESS_KEY\n\n# Deploy script\nkcm use --env-file .env.deploy -- ./deploy.sh\n```\n\n### Team Collaboration\n\nShare `.env` files with `keychain://` placeholders in your repository. Each team member stores their own credentials locally:\n\n```bash\n# Team member setup\ngit clone https://github.com/yourteam/project\ncd project\n\n# Each member adds their own credentials\nkcm add DATABASE_URL  # Enter their dev database URL\nkcm add API_KEY        # Enter their personal API key\n\n# Everyone can now run the app with their own credentials\nkcm use -- npm start\n```\n\n## Requirements\n\n- macOS (uses native `security` command)\n- Bash 4.0 or higher\n- Access to macOS Keychain\n\n## Important Notes\n\n### macOS Security Prompts\n\nWhen using kcm for the first time or accessing certain secrets, **macOS will display a security dialog** asking for your password or Touch ID. This is normal behavior - macOS is protecting your Keychain and requires your authorization to allow kcm to access stored secrets.\n\nYou may see prompts like:\n\n- \"kcm wants to use your confidential information stored in [KEY_NAME] in your keychain\"\n- You can click \"Always Allow\" to avoid repeated prompts for the same secret\n\n## Troubleshooting\n\n### Permission Issues\n\nIf you encounter permission errors, ensure you have access to the login keychain:\n\n```bash\nsecurity list-keychains\n```\n\n### Viewing Keychain Entries\n\nYou can verify entries directly using macOS security command:\n\n```bash\nsecurity find-generic-password -s \"YOUR_KEY_NAME\" -w\n```\n\n### Clearing Stuck Secrets\n\nIf a secret seems stuck or corrupted:\n\n```bash\n# Remove using kcm\nkcm remove KEY_NAME\n\n# Or remove directly via security command\nsecurity delete-generic-password -s \"KEY_NAME\"\n```\n\n## Development\n\n### Release Process\n\nTo create a new release:\n\n1. **Test with dry-run first:**\n\n   ```bash\n   ./release.sh --dry-run 0.2.0\n   ```\n\n   This shows what will happen without making any changes.\n\n2. **Create the actual release:**\n\n   ```bash\n   ./release.sh 0.2.0\n   ```\n\n   This will:\n\n   - Update version in the kcm script\n   - Generate Formula/kcm.rb from template\n   - Commit and create a git tag\n   - Push to GitHub\n   - Calculate SHA256 for the release tarball\n   - Update the formula with the correct SHA256\n   - Push the final formula\n\n3. **Users can then upgrade:**\n   ```bash\n   brew upgrade kcm\n   ```\n\nThe release script handles all versioning, tagging, and formula updates automatically.\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n## License\n\nMIT License - see LICENSE file for details\n\n## Author\n\nCreated by Tyom Semonov\n\n## Acknowledgments\n\nBuilt with ♥︎ using native macOS security tools for maximum compatibility and security.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftyom%2Fhomebrew-kcm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftyom%2Fhomebrew-kcm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftyom%2Fhomebrew-kcm/lists"}