Scrt: A CLI secret manager for developers, sysadmins and DevOps
github.comI thought SOPS with age is what we were doing now. Do we need yet another tooling?
There's also https://github.com/jdx/fnox
One of the first tasks I had for Claude was to build a protected KV store out of keepassx.cli. Out of the box I got a beautiful gui for seeding initial secrets while giving me a nice scriptable, non-interactive tool for injecting secrets into infrastructure bootstrapping.
"also" is a strong word for a project this young. It was started in October 2025, does not have any issues (at all) and is completely vibe coded. Not starting a discussion about security & vibe coding now, but I wouldn't blindly recommend such a nascent project if compared to something mature like SOPS.
Lol it's the guy who makes mise https://mise.jdx.dev, so I don't think it's a "vibe-coded" project)
Oh there are vibes; claude & copilot are a contributors on both misa and fnox, gemini even gets in on fnox (poor OpenAI)
SOPS with Age is simple, and simple is good. I strongly recommend this approach.
SOPS is simple? You are kidding me. Pass from https://www.passwordstore.org/ fame is simple. SOPS is ultra-complicated for a security tool.
I dunno, it seems mostly simple to me.
You have a .sops.yaml with some Age public keys, and then you run “sops secrets.yml” to create an encrypted file.
Can you explain what you find complicated about sops? I've used it with ease for the last two years, both personally and professionally.
Possibly of interest to readers (but not directly competing) is securestore, our open-source, open-protocol, cross-language framework (cli tool + libraries) for securely storing secrets and programmatically retrieving them in production: https://neosmart.net/blog/securestore-open-secrets-format/
donet version: https://github.com/neosmart/SecureStore
rust version: https://github.com/neosmart/securestore-rs
(This one is production ready)
Looks like every other CLI manager I've ever seen. It says not ready for production use. What's different for this than the others?
The latest release was June 2022 and the last non dependabot commit was March 2023, until new activity 4 days ago using AI. Why should anyone use this?
How does it compare to https://github.com/jdx/fnox
I wonder what does the solution do differently than the rest of the CLI managers?
Dangerously close to "scrot" which is both an X11 screenshot tool and general slang for a screenshot.
Ive been working with Linux for 25ish years and have never heard of scrot. I think there's low probability of confusion lol.
Really? That's surprising. I guess if you mostly used it on servers or if you used default GNOME/KDE you might not run into it. It was the go-to screenshot tool for anyone using openbox, i3, most small WMs. A more universal tool than whatever DE-specific thing GNOME would use. You run it from the CLI, but commonly you'd bind a key to run your one-liner(s) of choice. Commonly used to do crop-style screenshots similar to what macOS binds to cmd-shift-4. Tons of people I know were using it for years. It was somewhat overtaken by maim in later years, and then on Wayland replaced by slurp/grim, but I still call screenshots "scrots" a lot of the time.
Same. First time hearing about scrot.