cred
| Crates.io | cred |
| lib.rs | cred |
| version | 0.14.1 |
| created_at | 2025-12-10 15:05:29.045153+00 |
| updated_at | 2026-01-16 18:05:18.34236+00 |
| description | A command-line tool to manage secrets and environment variables locally and remotely. |
| homepage | |
| repository | |
| max_upload_size | |
| id | 1978220 |
| size | 2,289,246 |
Edward Needham (edneedham)
documentation
README
cred
Encrypted local secrets → Deployment platforms.
What it is
cred stores encrypted secrets locally and safely pushes them to target platforms on demand.
⚠️ Status: Early Preview (v0.14.1) — The on-disk format, CLI surface, and security model may change between minor versions.
What it's not
- A hosted secrets manager
- A multi-user access control system
- A replacement for HashiCorp Vault or AWS Secrets Manager
- A runtime secret injector
Who it's for
- Solo developers managing secrets on a single machine
- Open-source maintainers who push secrets to deployment platforms
- Anyone who wants local-first secrets without running infrastructure
Install
Homebrew:
brew tap edneedham/cred
brew install edneedham/cred/cred
Shell:
curl -fsSL https://raw.githubusercontent.com/edneedham/cred/main/scripts/install.sh | sh -s
Cargo:
cargo install cred
Pre-built binaries: GitHub Releases
Quick Start
# Initialize a project (auto-detects targets from git, fly.toml, etc.)
cred init
# Authenticate with a target (per-project, fine-grained token)
cred target set github
# Store a secret
cred secret set DATABASE_URL "postgres://..."
# Optional: scope a secret to a target (v0.14.0+)
cred secret set NEXT_PUBLIC_API_URL "https://..." --targets vercel
# Push to GitHub (no --repo needed, uses saved binding)
cred push github
See the Getting Started guide for more.
Features
- Encrypted vault — Secrets stored locally with ChaCha20-Poly1305
- Environments — Organize secrets by context (dev, staging, prod)
- Version history — Track changes, rollback to previous versions
- Sources — Generate credentials from APIs (Resend)
- Targets — Push secrets to deployment platforms (GitHub Actions, Vercel, Fly.io)
- OS keyring — Tokens stored in macOS Keychain, GNOME Keyring, or Windows Credential Manager
- Automation-ready —
--json,--dry-run,--non-interactiveflags
Documentation
License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT License (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your choice.