cred

Encrypted local secrets → Deployment platforms.

📖 Full Documentation

What it is

cred stores encrypted secrets locally and safely pushes them to target platforms on demand.

⚠️ Status: Early Preview (v0.5.0) — The on-disk format, CLI surface, and security model may change between minor versions.

What it's not

• A hosted secrets manager
• A replacement for HashiCorp Vault or AWS Secrets Manager
• A runtime secret injector

Who it's for

• Solo developers
• Small teams
• Open-source maintainers

Install

Homebrew:

brew tap edneedham/cred
brew install edneedham/cred/cred

Shell:

curl -fsSL https://raw.githubusercontent.com/edneedham/cred/main/scripts/install.sh | sh -s

Cargo:

cargo install cred

Pre-built binaries: GitHub Releases

Quick Start

# Initialize a project
cred init

# Add a target (GitHub Actions)
cred target set github

# Store a secret
cred secret set DATABASE_URL "postgres://..."

# Push to GitHub
cred push github

See the Getting Started guide for more.

Features

• Encrypted vault — Secrets stored locally with ChaCha20-Poly1305
• Sources — Generate credentials from APIs (Resend)
• Targets — Push secrets to CI/CD platforms (GitHub Actions)
• OS keyring — Tokens stored in macOS Keychain, GNOME Keyring, or Windows Credential Manager
• Automation-ready — --json, --dry-run, --non-interactive flags

Documentation

• Installation
• Getting Started
• Commands Reference
• Security Model
• CI/CD Integration

License

Licensed under either of:

• Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT License (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your choice.