Local-first secret manager for developers "pass for the Node.js generation"
keyp is a simple, secure, local-first secret manager designed specifically for developers. Store your API keys, tokens, and credentials with AES-256 encryption, sync across machines via Git, and never worry about leaking secrets again.
- π Secure - AES-256-GCM encryption with PBKDF2 key derivation
- π Local-first - No cloud account required, works offline
- π Git-based sync - Encrypted secrets safely committed to Git
- β‘ Fast & simple - Intuitive CLI, zero configuration
- π§ Developer-friendly - Script integration, clipboard support
- π Free & open source - MIT license
$ keyp init
Enter master password: ββββββββ
Confirm master password: ββββββββ
β Vault initialized successfully!$ keyp set github-token
Enter master password: ββββββββ
Enter value for "github-token": ββββββββ
Enter master password to save: ββββββββ
β Secret "github-token" saved$ keyp get github-token
Enter master password: ββββββββ
β Copied to clipboard (clears in 45 seconds)$ keyp list
Enter master password: ββββββββ
β’ api-key
β’ database-url
β’ github-token
3 secrets stored$ keyp delete github-token -f
Enter master password: ββββββββ
Delete secret "github-token"? (y/N): y
β Secret "github-token" deleted
Remaining secrets: 2Unlike enterprise secret managers (too complex) or traditional Unix password managers (too arcane), keyp is designed for the way modern developers work:
- β No GPG complexity
- β No cloud account needed
- β No team features bloat
- β Just simple, secure secret storage
npm install -g @theeditor/keypVerify installation:
keyp --versionkeyp initYou'll be prompted to create a master password. This is the only password you need to remember.
keyp set github-token your-token-here
keyp set api-key sk_live_abc123xyz
keyp set db-password secure-passwordkeyp listkeyp get github-token
# Copied to clipboard! (auto-clears in 45 seconds)# Initialize Git sync
keyp sync init https://github.com/username/keyp-backup.git
# Push your vault
keyp sync push
# On another machine, pull to sync
keyp sync pullnpm install -g @theeditor/keyp- Node.js 18.0.0 or higher
- npm 8.0.0 or higher
- β macOS (Intel & Apple Silicon)
- β Linux (Ubuntu, Fedora, Arch, Debian, etc.)
- β Windows (10/11, including WSL)
- β WSL (Windows Subsystem for Linux)
On Linux, install clipboard tools for clipboard support:
# Ubuntu/Debian
sudo apt-get install xclip
# Fedora
sudo dnf install xclip
# Arch
sudo pacman -S xclipOr use --stdout flag to display in terminal instead.
Want to contribute to keyp? We welcome contributions!
git clone https://github.com/TheEditor/keyp.git
cd keyp
npm install
npm run build
npm testnpm run build # Build TypeScript
npm run dev # Watch mode (rebuilds on changes)
npm test # Run all testsSee CONTRIBUTING.md for detailed contribution guidelines.
keyp/
βββ src/ # TypeScript source
βββ lib/ # Compiled JavaScript
βββ bin/ # Executable entry point
βββ docs/ # Documentation
βββ completions/ # Shell completion scripts
βββ package.json # Package configuration
- π CLI Reference - Command-line interface guide
- π Git Sync Guide - Multi-machine sync and encrypted backups
- π§ API Reference - Library API with examples
- π Security Guide - Cryptographic details and threat model
- π Vault Format - Technical vault file specification
keyp follows these principles:
- Local-first - Your secrets stay on your machine
- Simple - One command to do one thing, and do it well
- Secure - Industry-standard encryption, no shortcuts
- Developer-focused - Built for developers, by developers
Inspired by pass but designed for modern Node.js developers who want simplicity without complexity.
MIT Β© Dave Fobare
β Star this repo to follow development!
π Found a bug? Open an issue
π‘ Have ideas? Start a discussion