Lib.rs

β€Ί Command line utilities | Authentication
#devops #ci #automation #secret

app cred

A command-line tool to manage secrets and environment variables locally and remotely

Owned by Edward Needham.

15 releases (9 breaking)

Uses new Rust 2024

new 0.14.1 Jan 16, 2026
0.12.4 Jan 10, 2026
0.5.0 Dec 16, 2025

#488 in Command line utilities

MIT/Apache

1MB
7K SLoC

Contains (WOFF font, 60KB) source-code-pro-v11-all-charsets-500-2bdd9410.woff2, (WOFF font, 45KB) open-sans-v17-all-charsets-300-7736aa35.woff2, (WOFF font, 41KB) open-sans-v17-all-charsets-300italic-2c7b95c0.woff2, (WOFF font, 45KB) open-sans-v17-all-charsets-600-486c6759.woff2, (WOFF font, 43KB) open-sans-v17-all-charsets-600italic-1a3e8659.woff2, (WOFF font, 45KB) open-sans-v17-all-charsets-700-c22fe8c7.woff2 and 5 more.

CI Crates.io GitHub Release Homebrew License Downloads

cred

Encrypted local secrets β†’ Deployment platforms.

πŸ“– Full Documentation

What it is

cred stores encrypted secrets locally and safely pushes them to target platforms on demand.

⚠️ Status: Early Preview (v0.14.1) β€” The on-disk format, CLI surface, and security model may change between minor versions.

What it's not

  • A hosted secrets manager
  • A multi-user access control system
  • A replacement for HashiCorp Vault or AWS Secrets Manager
  • A runtime secret injector

Who it's for

  • Solo developers managing secrets on a single machine
  • Open-source maintainers who push secrets to deployment platforms
  • Anyone who wants local-first secrets without running infrastructure

Install

Homebrew:

brew tap edneedham/cred
brew install edneedham/cred/cred

Shell:

curl -fsSL https://raw.githubusercontent.com/edneedham/cred/main/scripts/install.sh | sh -s

Cargo:

cargo install cred

Pre-built binaries: GitHub Releases

Quick Start

# Initialize a project (auto-detects targets from git, fly.toml, etc.)
cred init

# Authenticate with a target (per-project, fine-grained token)
cred target set github

# Store a secret
cred secret set DATABASE_URL "postgres://..."

# Optional: scope a secret to a target (v0.14.0+)
cred secret set NEXT_PUBLIC_API_URL "https://..." --targets vercel

# Push to GitHub (no --repo needed, uses saved binding)
cred push github

See the Getting Started guide for more.

Features

  • Encrypted vault β€” Secrets stored locally with ChaCha20-Poly1305
  • Environments β€” Organize secrets by context (dev, staging, prod)
  • Version history β€” Track changes, rollback to previous versions
  • Sources β€” Generate credentials from APIs (Resend)
  • Targets β€” Push secrets to deployment platforms (GitHub Actions, Vercel, Fly.io)
  • OS keyring β€” Tokens stored in macOS Keychain, GNOME Keyring, or Windows Credential Manager
  • Automation-ready β€” --json, --dry-run, --non-interactive flags

Documentation

License

Licensed under either of:

at your choice.

Dependencies

~27–45MB
~406K SLoC