A command-line secret manager for developers, sysadmins, and devops
No Background Process
No service or daemon to install. Read and write secrets with a single command, on Linux/Windows/macOS.
Intuitive Interface
Straightforward key-value interface: use set/get/unset commands to manipulate secrets
Local Encryption/Decryption
All cryptography happens in the client, on your computer: no passwords, keys or plaintext data over the Internet.
Highly Configurable
Fully configure options with command line arguments, configuration files or environment variables (no unexpected defaults!)
Choose Your Own Storage
Multiple storage backend options: local filesystem, AWS S3 or S3-compatible object storage, git repository...
Robust Secrecy
NIST-approved, industry-grade cryptography standards: AES-256 encryption and Argon2id key derivation
Secure secret management from the command line
# Set store password in environment
$ export SCRT_PASSWORD=*******
# Add a secret to the store
$ scrt set greeting 'Good news, everyone!'
# Retrieve the secret from the store
$ scrt get greeting
Good news, everyone!