cred 0.5.0

A command-line tool to manage secrets and environment variables locally and remotely.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

[![CI](https://github.com/edneedham/cred/actions/workflows/ci-cd.yml/badge.svg?branch=main)](https://github.com/edneedham/cred/actions/workflows/ci-cd.yml)
[![Crates.io](https://img.shields.io/crates/v/cred.svg)](https://crates.io/crates/cred)
[![GitHub Release](https://img.shields.io/github/v/release/edneedham/cred)](https://github.com/edneedham/cred/releases/latest)
[![Homebrew](https://img.shields.io/badge/homebrew-edneedham%2Fcred-orange)](https://github.com/edneedham/homebrew-cred)
[![License](https://img.shields.io/badge/license-MIT%20OR%20Apache--2.0-blue.svg)](LICENSE-MIT)
[![Downloads](https://img.shields.io/github/downloads/edneedham/cred/total)](https://github.com/edneedham/cred/releases)

# cred

Encrypted local secrets → Deployment platforms.

📖 **[Full Documentation](https://edneedham.github.io/cred/)**

---

## What it is

`cred` stores encrypted secrets locally and safely pushes them to target platforms on demand.

⚠️ **Status: Early Preview (v0.5.0)** — The on-disk format, CLI surface, and security model may change between minor versions.

### What it's not

-   A hosted secrets manager
-   A replacement for HashiCorp Vault or AWS Secrets Manager
-   A runtime secret injector

### Who it's for

-   Solo developers
-   Small teams
-   Open-source maintainers

---

## Install

**Homebrew:**

```bash
brew tap edneedham/cred
brew install edneedham/cred/cred
```

**Shell:**

```bash
curl -fsSL https://raw.githubusercontent.com/edneedham/cred/main/scripts/install.sh | sh -s
```

**Cargo:**

```bash
cargo install cred
```

**Pre-built binaries:** [GitHub Releases](https://github.com/edneedham/cred/releases)

---

## Quick Start

```bash
# Initialize a project
cred init

# Add a target (GitHub Actions)
cred target set github

# Store a secret
cred secret set DATABASE_URL "postgres://..."

# Push to GitHub
cred push github
```

See the [Getting Started guide](https://edneedham.github.io/cred/getting-started.html) for more.

---

## Features

-   **Encrypted vault** — Secrets stored locally with ChaCha20-Poly1305
-   **Sources** — Generate credentials from APIs (Resend)
-   **Targets** — Push secrets to CI/CD platforms (GitHub Actions)
-   **OS keyring** — Tokens stored in macOS Keychain, GNOME Keyring, or Windows Credential Manager
-   **Automation-ready**`--json`, `--dry-run`, `--non-interactive` flags

---

## Documentation

-   [Installation](https://edneedham.github.io/cred/installation.html)
-   [Getting Started](https://edneedham.github.io/cred/getting-started.html)
-   [Commands Reference](https://edneedham.github.io/cred/commands/)
-   [Security Model](https://edneedham.github.io/cred/security.html)
-   [CI/CD Integration](https://edneedham.github.io/cred/ci-cd.html)

---

## License

Licensed under either of:

-   Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
-   MIT License ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)

at your choice.