https://github.com/edneedham/cred
A command-line tool to manage secrets and environment variables locally and remotely.
https://github.com/edneedham/cred
cli rust secrets security
Last synced: 5 months ago
JSON representation
A command-line tool to manage secrets and environment variables locally and remotely.
- Host: GitHub
- URL: https://github.com/edneedham/cred
- Owner: edneedham
- License: apache-2.0
- Created: 2025-11-28T20:44:06.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2026-01-10T15:51:44.000Z (6 months ago)
- Last Synced: 2026-01-11T04:43:28.911Z (6 months ago)
- Topics: cli, rust, secrets, security
- Language: Rust
- Homepage:
- Size: 1.57 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE-APACHE
Awesome Lists containing this project
README
[](https://github.com/edneedham/cred/actions/workflows/ci-cd.yml)
[](https://crates.io/crates/cred)
[](https://github.com/edneedham/cred/releases/latest)
[](https://github.com/edneedham/homebrew-cred)
[](LICENSE-MIT)
[](https://github.com/edneedham/cred/releases)
# cred
Encrypted local secrets → Deployment platforms.
📖 **[Full Documentation](https://edneedham.github.io/cred/)**
---
## What it is
`cred` stores encrypted secrets locally and safely pushes them to target platforms on demand.
⚠️ **Status: Early Preview (v0.17.0)** — The on-disk format, CLI surface, and security model may change between minor versions.
### What it's not
- A hosted secrets manager
- A multi-user access control system
- A replacement for HashiCorp Vault or AWS Secrets Manager
- A runtime secret injector
### Who it's for
- **Solo developers** managing secrets on a single machine
- Open-source maintainers who push secrets to deployment platforms
- Anyone who wants local-first secrets without running infrastructure
---
## Install
**Homebrew:**
```bash
brew tap edneedham/cred
brew install edneedham/cred/cred
```
**Shell:**
```bash
curl -fsSL https://raw.githubusercontent.com/edneedham/cred/main/scripts/install.sh | sh -s
```
**Cargo:**
```bash
cargo install cred
```
**Pre-built binaries:** [GitHub Releases](https://github.com/edneedham/cred/releases)
---
## Quick Start
```bash
# Initialize a project (auto-detects targets from git, fly.toml, etc.)
cred init
# Authenticate with a target (per-project, fine-grained token)
cred target set github
# Store a secret
cred secret set DATABASE_URL "postgres://..."
# Optional: scope a secret to a target (v0.14.0+)
cred secret set NEXT_PUBLIC_API_URL "https://..." --targets vercel
# Push to GitHub (no --repo needed, uses saved binding)
cred push github
```
See the [Getting Started guide](https://edneedham.github.io/cred/getting-started.html) for more.
---
## Features
- **Encrypted vault** — Secrets stored locally with ChaCha20-Poly1305
- **Environments** — Organize secrets by context (dev, staging, prod)
- **Version history** — Track changes, rollback to previous versions
- **Sources** — Generate credentials from APIs (Resend)
- **Targets** — Push secrets to deployment platforms (GitHub Actions, Vercel, Fly.io)
- **OS keyring** — Tokens stored in macOS Keychain, GNOME Keyring, or Windows Credential Manager
- **Automation-ready** — `--json`, `--dry-run`, `--non-interactive` flags
---
## Documentation
- [Installation](https://edneedham.github.io/cred/installation.html)
- [Getting Started](https://edneedham.github.io/cred/getting-started.html)
- [Commands Reference](https://edneedham.github.io/cred/commands/)
- [Security Model](https://edneedham.github.io/cred/security.html)
---
## License
Licensed under either of:
- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
- MIT License ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
at your choice.