10 releases (4 breaking)

0.6.5 Jan 4, 2022
0.6.2 Jan 4, 2022
0.6.0 Jul 22, 2021
0.5.0 Jul 19, 2021
0.2.4-alpha.0 May 25, 2021

#403 in Configuration

MIT license

701 lines


Scoob is a secrets management tool, designed to make managing your development and production secrets easier, and cloud-agnostic.

Secrets are encrypted using Sodium sealed boxes.



brew install hostyhosting/tap/scoob

Shell (Mac, Linux):

curl -fsSL https://scoob-rs.netlify.app/install.sh | sh

PowerShell (Windows):

iwr https://scoob-rs.netlify.app/install.ps1 -useb | iex

Build and install from source using Cargo:

cargo install scoob --locked


docker run -it --init hostypost/scoob:latest

In your Dockerfile

FROM hostypost/scoob:latest AS scoob

# Later in your Dockerfile...
COPY --from=scoob /usr/local/bin/scoob /usr/bin/scoob

Getting Started

First, you'll want to create a secrets file:

scoob manage ./secrets.yml

This will open your editor with an example Scoob configuration file. A pair of public and secret keys will auto-generated and provided in the file. Make sure you don't commit these into your repository, and instead replace them with values provided dynamically via environment variables. When you close your editor, all of the values under configuration: will be encrypted, and the file will be written to disk.

At a later point, you can add additional secrets by running the same command:

scoob manage ./secrets.yml

We recommend creating a separate secrets file for development and production. This way, you can keep your production keys separate.

To use these secrets, you can start a process with Scoob:

scoob start ./secrets.yml <command...>

This will decrypt the secrets in the file, and will run the command with the secrets added to the environment variables.

File Encryption

Scoob also supports encrypting and decrypting files. This can be useful to encrypt configuration for tools that expect file-based configuration.

Encrypting Files

scoob file ./secrets.yml encrypt ./raw-file ./encrypted-file

By default, Scoob will use the * key when encrypting a file. You can specify a specific encryption key with the --key flag.

Decrypting Files

scoob file ./secrets.yml decrypt ./encrypted-file ./decrypted file-file


~557K SLoC