Secure, simple secrets management for developers
Stop sharing .env files over Slack.
PyPI version Python Version License: MIT
We've all been there:
- "Hey, can you send me the database credentials?"
- "Which
.envfile is the latest one?" - "I just set up a new laptop and now I need to ask everyone for secrets again"
Sharing secrets through Slack, email, or sticky notes is a mess. It's insecure, hard to track, and honestly just annoying.
It's simple: one command to pull all your secrets, anywhere.
pip install secretscli-py secretscli login secretscli project use my-app secretscli secrets pull
That's it. Your .env file is ready. No asking around. No digging through old messages.
- You store secrets once - encrypted, in the cloud
- Your team pulls them anywhere - new laptop, CI/CD, staging server
- Server never sees plaintext - zero-knowledge encryption
No more "which version is correct?" - there's one source of truth.
New to SecretsCLI? Here's how to get started:
pip install secretscli-py # Create your account secretscli init # Create a project for your app secretscli project create my-app # Add your secrets secretscli secrets set DATABASE_URL=postgresql://... API_KEY=sk_live_... # Or if you already have a .env file, just push it secretscli secrets push
Already have an account? Just pull your secrets:
pip install secretscli-py secretscli login # Connect to your project secretscli project use my-app # Pull all secrets secretscli secrets pull # Done - your .env is ready
Want to create a project in a team workspace instead of your personal one?
# See all your workspaces secretscli workspace list # Switch to the workspace you want secretscli workspace switch "Backend Team" # Now create your project - it goes into the selected workspace secretscli project create api-service
Got a team? Here's how to share secrets securely:
# Create a team workspace secretscli workspace create "Backend Team" # Invite your teammates secretscli workspace invite alice@company.com secretscli workspace invite bob@company.com # Create a shared project secretscli project create shared-api # Your teammates just need to: pip install secretscli-py secretscli login secretscli project use shared-api secretscli secrets pull # They now have all the secrets
Everyone in the workspace gets the same secrets. When you update something, they get it on their next pull.
- Zero-knowledge - API never sees your plaintext secrets
- End-to-end encryption - X25519 + Fernet (industry standard)
- Your keys, your control - stored in your system keychain
We can't read your secrets even if we wanted to.
- Command Reference - Every command explained
- Developer Guide - Contributing, testing, architecture
This is the Python implementation, but SecretsCLI can be built in any language - Go, Rust, JavaScript, whatever you prefer.
If you want to create an implementation in another language:
- Open an issue with the title "New Language Implementation: [Language]"
- We'll create an official repository under our org
- You build it, we help maintain it
This keeps all implementations organized and gives contributors proper credit.
- Python 3.9+
- Internet connection
Found a bug? Got an idea? PRs are welcome.
Check out CONTRIBUTING.md to get started.
If this saves you time, consider giving it a star. It helps others find it.
MIT License