CruxVault is a developer-oriented command-line tool designed for securely managing secrets, configurations, and feature flags - essentially anything that requires privacy and security in application development. Developed in Python, it utilizes AES-256-GCM encryption to protect sensitive data, ensuring that "just trust me" is not a substitute for effective security practices. With features that promote safe handling of both local and production secrets, CruxVault minimizes the complexities and risks associated with managing sensitive information.

Key Features

• AES-256-GCM Encryption: Employs military-grade encryption for safeguarding secrets at rest.
• Local SQLite Storage: Offers fast, reliable, and offline-first storage options.
• Version History Management: Track and rollback to previous versions of secrets easily.
• Tags & Organizational Structure: Helps to organize secrets using tags and hierarchical paths.
• Audit Logging: Maintains a comprehensive audit trail of all operations conducted within the tool.
• System Keychain Integration: Secures the master key storage using the system keychain.
• Git-like Command Interface: Utilizes intuitive commands that feel organic for users accustomed to git workflows.
• Development Mode: Facilitates the generation of fake secrets, ideal for local development.
• Import/Export Functionality: Simplifies collaboration by allowing seamless interaction with .env files.

Usage Examples

CruxVault offers a variety of commands to manage secrets effectively. Here are some examples:

Initialize CruxVault

crux init

Set a Secret

crux set <path/to/secret> <value>
# Example: crux set api/key "abc123"

Retrieve a Secret

crux get <path/to/secret>
# Example: crux get database/password

List All Secrets

crux list

Delete a Secret

crux delete <path/to/secret>
# Example: crux delete temp/key

View Secret Version History

crux history <path/to/secret>
# Example: crux history api/key

CruxVault also provides capabilities to scan for hardcoded secrets in codebases, ensuring code integrity:

crux scan .

Python API Usage

CruxVault can be integrated programmatically using its Python API. Here's a quick start example:

import cruxvault as crux
crux.init()
crux.set("database/password", "secret123")
password = crux.get("database/password")
print(password)  # Output: "secret123"

Security Features

CruxVault prioritizes security with AES-256-GCM encryption and effective master key management strategies, including system keychain utilization and environment variable configurations. All operations are logged, providing transparency and traceability for every action performed.

With its straightforward setup and Git-like interface, CruxVault significantly reduces the burden of managing sensitive data in development environments while enhancing security practices. This tool not only keeps critical information secure but also adapts to the needs of local and production use cases efficiently.