/00 local-first secrets vault

Keep your keys off your screen, out of your logs, and away from agents.

Vaultenv stores all your secrets AES-256-GCM encrypted on your local machine and injects them directly into your app at runtime — without ever exposing them to your shell, your logs, or any AI agent.

How it works →
local-only · zero server setup · offline · MIT-licensed
vault · ~/projects/api
# register once. encrypted on disk.
$ vault set OPENAI_API_KEY "sk-proj-…"
"OPENAI_API_KEY" registered in vault.

# inject at runtime — child process only.
$ vault run -- npm start

# anything outside vault run sees nothing.
$ echo $OPENAI_API_KEY
(empty)
/00 the leak

Your secrets are everywhere. Every agent run, every log line, every git diff.

When you develop with AI agents like Claude Code, your real keys flow through a dozen surfaces you don't control. Even when you're careful, secrets leak.

Agent reads your .env
# .env on disk
OPENAI_API_KEY=sk-proj-abc123...

# agent: read_file('.env')
→ sees your real API key
Agent reads your logs
// debug.log
console.log(process.env.OPENAI_API_KEY)
→ sk-proj-abc123…
Agent reads git history
$ git log --diff-filter=A -- .env

# the secret you committed
# three months ago
→ sk-proj-abc123…
Vault file stolen from disk
// ~/.secure-vault/vault.encrypted
{"iv":"…","authTag":"…",
 "data":"6f3a9c1e…"}
→ unreadable without master password
/01 the surface

One binary. Twelve commands. Zero code changes to your app.

Your code keeps reading process.env.X exactly as before. Vaultenv handles registration, decryption and injection.

/01
vault init
Create your encrypted vault. Sets a master password. Runs once per machine.
$ vault init
/02
vault set
Register a secret. Conflict-aware: overwrite, rename, or cancel.
$ vault set STRIPE_KEY "sk_…"
/03
vault list
Names and masked hints only. Real values are never shown.
$ vault list
/04
vault run
Spawn any command with secrets injected as env vars. Child process only.
$ vault run -- node app.js
/05
vault rotate
Replace the value of an existing secret. Type and history preserved.
$ vault rotate KEY "new-val"
/06
vault populate
Bootstrap from .vault-template.json for team onboarding.
$ vault populate
/07
vault lock
Manually clear the session key. New processes lose access immediately.
$ vault lock
/08
vault status
Vault path, lock state, secret count, and last vault run.
$ vault status
/09
vault audit
Local access log. Actions are recorded; values are never logged.
$ vault audit --tail 20
/02 how it works

Real keys live in memory, only inside the child process.

The shell never sees them. The agent context never sees them. They appear, do the work, and vanish when the process exits.

/ vault run -- node app.js

Four steps. Zero leaks. The vault file never decrypts to disk.

/ step 01
Read master key
Silently retrieves the session key from the OS Keyring (Keychain on macOS, libsecret on Linux, Credential Manager on Windows).
/ step 02
Decrypt vault
Opens ~/.secure-vault/vault.encrypted with AES-256-GCM. Secrets stay in process memory, never written to disk.
/ step 03
Inject & spawn
Passes decrypted secrets directly to child process environment. Your app reads process.env exactly as before.
/ step 04
Lock on exit
Child process exits → secrets deallocated from memory. The parent shell never had access. Run 'vault lock' to revoke the current session before then.
/03 encryption spec

Boring cryptography. Industry primitives. No roll-your-own.

Vaultenv is built on Node's built-in crypto module — the same primitives audited and shipped in TLS, Signal, and 1Password.

Algorithm: AES-256-GCM
Key size: 256 bits
Key derivation: PBKDF2-SHA256
Iterations: 100,000
Salt: 32 bytes random, unique per install
IV / Nonce: 16 bytes random, unique per write
Auth tag: 16 bytes (tamper detection)
Session key storage: OS Keyring
Cleared on shutdown: Yes, automatically

If your machine is stolen powered-off, the keyring is empty. The vault file alone is unreadable. There is no password recovery — only re-init.

/04 vs other tools

Free. Offline. Zero setup. The local-dev gap.

HashiCorp Vault, Doppler and direnv all solve adjacent problems. Vaultenv fills a specific one: agent-resistant secret management on a single dev machine, with no server.

                      Vaultenv    HashiCorp Vault    Doppler     direnv
Local only                        — server           — cloud
Encrypted at rest
Free                              partial            partial
Zero server setup
AI agent protection
Works offline
Setup time            ~1 min      hours              ~10 min     ~5 min
/05 quick start

Three commands. Sixty seconds. Done.

/01

Install

Clone the repo, install dependencies, link globally so vault works from any directory.

/02

Initialise

Set a master password once. Vaultenv creates ~/.secure-vault/vault.encrypted and unlocks the session.

/03

Register & run

Set each secret with a name and value. Then start your app via vault run --. Done.

quick-start · zsh
# 01 — install
$ git clone github.com/vaultenv/vaultenv
$ cd vaultenv && npm install && npm link

# 02 — initialise
$ vault init
? Set master password: ●●●●●●●●
Vault created and unlocked.

# 03 — register and run
$ vault set OPENAI_API_KEY "sk-proj-…"
$ vault set STRIPE_API_KEY "sk_live_…"
$ vault run -- npm start
(2 secrets injected)
/ start with open source

Stop leaking. Start shipping.

MIT-licensed. No telemetry. No accounts. Your machine, your keys, your rules.

$ git clone vaultenv
Read the docs ↗