SecretSage

Features

🔐

Age Encryption

Military-grade encryption using the modern Age encryption standard. Your secrets are protected at rest with industry best practices.

⏱️

Grant & Revoke Flow

Grant credentials to agents only when needed. Revoke them immediately when done. Full control over your sensitive data.

🤖

Agent-Friendly API

Designed for Claude Code, Cursor, Windsurf, and other AI coding assistants. Simple commands that agents understand.

⌨️

Terminal-Native

Lightweight CLI tool that lives in your terminal. No GUIs. No browser extensions. Just fast, secure credential management.

🛡️

Zero Data Collection

Everything stays on your machine. No analytics. No telemetry. No cloud sync. Complete local control of your credentials.

💻

Cross-Platform

Works on macOS, Linux, and Windows. Consistent experience across all development environments.

🧙

Wizard Handoff

Agents request credentials, you enter them securely in a separate terminal. True human-in-the-loop for sensitive operations.

📋

Audit Trail

Track rotation history with timestamps and reasons. Know when credentials were changed and why.

🔑

Backup Codes Storage

Securely store 2FA recovery codes, emergency access tokens, and other multi-value secrets with usage tracking.

Works Great With

🤖 Claude Code

Seamlessly grant credentials to Claude during development sessions.

🖱️ Cursor

Secure credential access for Cursor's AI-powered code editor.

🌊 Windsurf

Privacy-respecting secrets for Windsurf development workflows.

⚡ Any AI Agent

Simple API works with any agent-driven development tool.

Installation

Install via npm

terminal

npm install -g @cyclecore/secretsage

Quick Start

terminal

# Initialize SecretSage
secretsage init

# Add a secret
secretsage add API_KEY

# Grant secret to an agent
secretsage grant API_KEY

# Revoke when done
secretsage revoke API_KEY

Advanced Features (v0.4.6)

terminal

# Agent-human handoff wizard
secretsage wizard --keys STRIPE_KEY,DB_PASS

# Auto-generate encryption keys
secretsage rotate SESSION_KEY --generate 32

# View rotation audit trail
secretsage audit STRIPE_KEY

# Store 2FA backup codes securely
secretsage backup-codes add npm

# Deploy secrets to remote server
secretsage deploy myapp --remote user@host:/path

Full documentation available on npm

Perfect For

👨‍💻 AI-Assisted Development

Grant API keys and credentials to Claude, Cursor, or other AI coding assistants without exposing them permanently.

🔐 DevOps & Infrastructure

Manage cloud provider credentials, database passwords, and deployment secrets with fine-grained control.

🚀 Deployment Automation

Temporarily grant deployment credentials to CI/CD agents, then revoke them automatically when jobs complete.

🧪 Testing & Development

Safely manage test API keys, staging credentials, and development secrets across multiple projects.

Get Started

Free

Open Source · Apache 2.0 License

✓ Age encryption at rest
✓ Grant & revoke credentials
✓ Agent-human handoff wizard
✓ Rotation audit trail
✓ 2FA backup codes storage
✓ Remote deployment via rsync
✓ Auto-generate secrets
✓ Works with all AI agents
✓ Terminal-native interface
✓ Cross-platform support
✓ Zero data collection

Install from npm →

Privacy Guarantee

SecretSage runs entirely on your machine. Your credentials never leave your computer.

No cloud sync. No analytics. No tracking. Your secrets stay with you. Always.

Questions?

Need help with SecretSage? Have feature requests? Get in touch.

Email Us