A command-line secret manager for developers, sysadmins, and devops
No Background Process
No service or daemon to install. Read and write secrets with a single command, on Linux/Windows/macOS.
Straightforward key-value interface: use set/get/unset commands to manipulate secrets
All cryptography happens in the client, on your computer: no passwords, keys or plaintext data over the Internet.
Fully configure options with command line arguments, configuration files or environment variables (no unexpected defaults!)
Choose Your Own Storage
Multiple storage backend options: local filesystem, AWS S3 or S3-compatible object storage, git repository...
NIST-approved, industry-grade cryptography standards: AES-256 encryption and Argon2id key derivation
Secure secret management from the command line
# Set store password in environment $ export SCRT_PASSWORD=******* # Add a secret to the store $ scrt set greeting 'Good news, everyone!' # Retrieve the secret from the store $ scrt get greeting Good news, everyone!