@keynv/cli 0.1.0-rc.20 → 0.1.0-rc.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +118 -0
- package/dist/index.js +3599 -925
- package/dist/index.js.map +1 -1
- package/package.json +6 -4
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2025-2026 keynv-labs and contributors
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,118 @@
|
|
|
1
|
+
# @keynv/cli
|
|
2
|
+
|
|
3
|
+
> Self-hosted secrets vault for teams and AI-assisted development.
|
|
4
|
+
|
|
5
|
+
[](https://www.npmjs.com/package/@keynv/cli)
|
|
6
|
+
[](https://github.com/keynv-labs/keynv/blob/main/LICENSE)
|
|
7
|
+
|
|
8
|
+
Store your API keys, database URLs, and other secrets in one vault — hosted on
|
|
9
|
+
[keynv.dev](https://keynv.dev) or self-hosted — and reference them everywhere by
|
|
10
|
+
alias (`@project.env.key`) instead of the real value. `keynv` resolves aliases
|
|
11
|
+
into your app at runtime, so the real values never touch your code, your shell
|
|
12
|
+
history, or your AI agent's transcripts. Your agent sees
|
|
13
|
+
`@billing.prod.stripe_key`, never the key itself.
|
|
14
|
+
|
|
15
|
+
## Install
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
npm install -g @keynv/cli
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
Node 20+. Prefer a standalone binary over Node? Every
|
|
22
|
+
[release](https://github.com/keynv-labs/keynv/releases) publishes signed
|
|
23
|
+
executables for macOS / Linux / Windows with a `SHA256SUMS` manifest.
|
|
24
|
+
|
|
25
|
+
## Quick start
|
|
26
|
+
|
|
27
|
+
### Option A · Use keynv.dev (hosted — fastest)
|
|
28
|
+
|
|
29
|
+
1. Create a free account at [keynv.dev/register](https://keynv.dev/register).
|
|
30
|
+
2. Connect and set up your project:
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
keynv # pick "keynv.dev", then "Set up this project"
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
### Option B · Self-host
|
|
37
|
+
|
|
38
|
+
Run your own server + panel in ~15 minutes — see the
|
|
39
|
+
[Coolify walkthrough](https://github.com/keynv-labs/keynv/blob/main/deploy/COOLIFY.md)
|
|
40
|
+
or [Docker Compose guide](https://github.com/keynv-labs/keynv/blob/main/deploy/README.md).
|
|
41
|
+
Then run `keynv`, choose **Self-hosted server**, and enter your API URL.
|
|
42
|
+
|
|
43
|
+
> On a headless Linux box with no OS keychain (no libsecret), set
|
|
44
|
+
> `KEYNV_DISABLE_KEYCHAIN=1` before connecting — credentials then persist to an
|
|
45
|
+
> encrypted file instead of the system keychain.
|
|
46
|
+
|
|
47
|
+
### Then run your app — the way you already do
|
|
48
|
+
|
|
49
|
+
Setup imports your existing `.env` files into the vault and writes a committable
|
|
50
|
+
`.keynv.env` that maps your environment variables to aliases. It also wraps your
|
|
51
|
+
`package.json` scripts, so you just run them normally:
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
npm run dev # secrets injected automatically — no `keynv exec` to type
|
|
55
|
+
npm test
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
`.keynv.env` is safe to commit — it holds references, not values:
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
OPENAI_API_KEY=@myapp.dev.openai-key
|
|
62
|
+
DATABASE_URL=@myapp.prod.db-url
|
|
63
|
+
NODE_ENV=development # plain literals pass through unchanged
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Behind the scenes your wrapped script runs `keynv exec -- <your command>`, which
|
|
67
|
+
resolves each `@alias` against the vault and forks your command with the real
|
|
68
|
+
values in a subprocess your editor and AI agent can't read — redacting them from
|
|
69
|
+
output. **You never type `keynv exec` yourself.**
|
|
70
|
+
|
|
71
|
+
Teams get project-scoped roles (owner / admin / developer / reader), per-secret
|
|
72
|
+
access, rotation, and a tamper-evident audit log — all managed from the CLI or
|
|
73
|
+
the web panel.
|
|
74
|
+
|
|
75
|
+
## Common commands
|
|
76
|
+
|
|
77
|
+
```bash
|
|
78
|
+
keynv # interactive TUI (projects, secrets, members)
|
|
79
|
+
keynv secret create # add a secret to the vault
|
|
80
|
+
keynv secret get @a.dev.key --copy # copy a value to the clipboard without printing it
|
|
81
|
+
keynv exec -- <cmd> # run a one-off command with aliases resolved
|
|
82
|
+
keynv member list <project> # who has access to a project
|
|
83
|
+
keynv whoami # who am I logged in as
|
|
84
|
+
keynv --help # full command list
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
## Use with Claude Code / Cursor (MCP)
|
|
88
|
+
|
|
89
|
+
`keynv` pairs with an MCP server so AI agents can reference secrets by alias and
|
|
90
|
+
never see the value. See the
|
|
91
|
+
[AI setup guide](https://github.com/keynv-labs/keynv/blob/main/docs/ai-setup.md)
|
|
92
|
+
for wiring it into Claude Code, Cursor, and other MCP clients.
|
|
93
|
+
|
|
94
|
+
## Also: clean up leaks you already have
|
|
95
|
+
|
|
96
|
+
Secrets already sitting in your shell history or AI transcripts? These commands
|
|
97
|
+
run entirely locally — no server or login needed:
|
|
98
|
+
|
|
99
|
+
```bash
|
|
100
|
+
keynv doctor # scan for leaked secrets (read-only, no network)
|
|
101
|
+
keynv scrub # clean them up, atomically, with backups
|
|
102
|
+
keynv watch start # scrub live AI-agent sessions in real time
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
Match previews are bounded to 3 characters; raw secret values never appear in
|
|
106
|
+
output.
|
|
107
|
+
|
|
108
|
+
## Documentation
|
|
109
|
+
|
|
110
|
+
- [Getting started](https://github.com/keynv-labs/keynv/blob/main/docs/getting-started.md)
|
|
111
|
+
- [AI setup (Claude Code / Cursor / MCP)](https://github.com/keynv-labs/keynv/blob/main/docs/ai-setup.md)
|
|
112
|
+
- [Coolify deploy](https://github.com/keynv-labs/keynv/blob/main/deploy/COOLIFY.md)
|
|
113
|
+
- [Threat model](https://github.com/keynv-labs/keynv/blob/main/docs/02-threat-model.md)
|
|
114
|
+
- [Full README](https://github.com/keynv-labs/keynv#readme)
|
|
115
|
+
|
|
116
|
+
## License
|
|
117
|
+
|
|
118
|
+
[MIT](https://github.com/keynv-labs/keynv/blob/main/LICENSE) © keynv-labs and contributors
|