▎ If you use Claude Code, Cursor, or any AI coding agent,
▎ you've probably done this: pasted an API key straight
▎ into the chat, left a .env lying around, or — the classic
▎ — committed a secret by accident. I got tired of it and
▎ built Envkeep.
The problem
AI coding sessions need real secrets to do real work:
OPENAI_API_KEY, a database URL, a Stripe key. The path of
least resistance is to paste the value into the
conversation. Now your secret is in a transcript, maybe in
logs, maybe synced to a cloud. Multiply that across every
session and every project and it's a mess.
The idea
Split the problem in two:
- Humans get a GUI to manage secrets.
- Agents get a CLI that hands over one value at a time, on demand.
So instead of pasting a key, you tell the agent:
▎ "the OpenAI key is in envkeep — grab
▎ my-app/OPENAI_API_KEY."
…and it runs:
envkeep get my-app/OPENAI_API_KEY
One secret. Nothing dumped. The plaintext never goes
through the chat.
How it works
- Source of truth: an age-encrypted vault.age (X25519 + ChaCha20-Poly1305). Only ciphertext ever hits disk or git — you can sync it through any private repo and the host only sees encrypted bytes.
- Decrypt-on-demand by default: no plaintext sits cached anywhere. (There's an optional macOS Keychain cache with auto-lock if you want speed.)
- Projects: secrets are project/KEY, so envkeep env my-app can load a whole project's variables at once: eval "$(envkeep env my-app)".
- A native macOS app (Swift + WKWebView) for the human side — command palette, search, folders.
- Security you can dial in: Touch ID gate, TOTP 2FA (Authy / Google Authenticator), auto-relock, clipboard auto-clear, and an audit log.
- Zero dependencies. Pure Python 3 stdlib + age. No server, no database, no pip install.
Being honest about the threat model
Envkeep protects against the realistic stuff: a leaked
repo, a stolen laptop at rest, a cloud host snooping. It is
not a replacement for HashiCorp Vault or an HSM, and — by
design — the CLI runs as you, so a coding agent you trust
to run commands can read what you point it at. The win is
that secrets stop sprawling into chats, .env files, and
commits.
Try it
brew install jackofshadowz/tap/envkeep
envkeep init
It's MIT-licensed and open source:
https://github.com/jackofshadowz/envkeep
I'd love feedback — especially on the agent workflow and
the security model. What would you want before trusting it
with real keys?
Top comments (0)