Skip to content
/ nutvault Public

Nutvault is a lightweight Go CLI for securely managing environment variables. It lets you collect, fill, swap, and clear project secrets locally using an encrypted vault tied to the user's key.

3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

adeptofvoltron/nutvault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
.github
.github
 
 
cmd/nutvault
cmd/nutvault
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
notvault_logo.png
notvault_logo.png
 
 
release.sh
release.sh
 
 

Repository files navigation

nutvault

nutvault logo

Usage

nutvault is a CLI tool for managing encrypted environment variable vaults. It provides secure storage and retrieval of environment variables from .env files.

Commands

Collect

Collect variables from a .env file and save them to a vault project.

# Collect from default .env file with default key
nutvault collect myproject

# Collect from custom .env file
nutvault collect myproject --env-file .env.production

# Collect with custom key file
nutvault collect myproject --key-file ~/.nutvault/mykey.hex

The collect command reads all variables from a .env file and saves them to an encrypted vault project. The project is stored at ~/.nutvault/projects/<projectName>.<hash>.

Fill

Fill empty variables in a .env file with values from the vault.

# Fill empty variables in default .env file
nutvault fill myproject

# Fill empty variables in custom .env file
nutvault fill myproject --env-file .env.production

# Fill with custom key file
nutvault fill myproject --key-file ~/.nutvault/mykey.hex

The fill command reads variables from a vault project and fills only empty variables in a .env file. Variables that already have values are not modified.

Swap

Replace all variable values in a .env file with values from the vault.

# Swap all variables in default .env file
nutvault swap myproject

# Swap all variables in custom .env file
nutvault swap myproject --env-file .env.production

# Swap with custom key file
nutvault swap myproject --key-file ~/.nutvault/mykey.hex

The swap command reads variables from a vault project and replaces all variable values in a .env file. All existing variable values will be overwritten with values from the vault.

Remove

Delete a vault project and all its contents.

# Remove project with default key
nutvault remove myproject

# Remove project with custom key file
nutvault remove myproject --key-file ~/.nutvault/mykey.hex

The remove command deletes an entire vault project and all its contents. This operation cannot be undone.

List

List all vault projects.

# List all projects
nutvault list

The list command displays all vault projects stored in ~/.nutvault/projects/. For each project, it shows the project name, hash, path, and number of variables.

Options

  • --env-file, -e: Path to .env file (default: .env in current directory)
  • --key-file, -k: Path to key file in hex format (default: use default user key)

Key Files

If no key file is specified, nutvault uses a default key generated deterministically from your user and host information. For custom encryption keys, provide a key file containing exactly 64 hex characters (32 bytes).

Installation

Download from GitHub Releases

You can download the latest pre-built binary for your platform from GitHub Releases.

Linux (amd64)

curl -sL https://github.com/adeptofvoltron/nutvault/releases/download/v1.0.1/nutvault-linux-amd64 -o /usr/local/bin/nutvault
chmod +x /usr/local/bin/nutvault

Linux (arm64)

curl -sL https://github.com/adeptofvoltron/nutvault/releases/download/v1.0.1/nutvault-linux-arm64 -o /usr/local/bin/nutvault
chmod +x /usr/local/bin/nutvault

macOS (amd64)

curl -sL https://github.com/adeptofvoltron/nutvault/releases/download/v1.0.1/nutvault-darwin-amd64 -o /usr/local/bin/nutvault
chmod +x /usr/local/bin/nutvault

macOS (arm64)

curl -sL https://github.com/adeptofvoltron/nutvault/releases/download/v1.0.1/nutvault-darwin-arm64 -o /usr/local/bin/nutvault
chmod +x /usr/local/bin/nutvault

Windows

Download nutvault-windows-amd64.exe from the releases page and add it to your PATH.

Or use curl:

curl -sL https://github.com/adeptofvoltron/nutvault/releases/download/v1.0.1/nutvault-windows-amd64.exe -o nutvault.exe

Build from Source

git clone https://github.com/adeptofvoltron/nutvault.git
cd nutvault
go build -o nutvault ./cmd/nutvault

Releasing a New Version

To create a new release and publish binaries to GitHub Releases:

  1. Build binaries for all platforms:

    ./release.sh

    This will create binaries in the dist/ directory for:

    • Linux (amd64, arm64)
    • macOS (amd64, arm64)
    • Windows (amd64, arm64)

  2. Create and push a Git tag:

    git tag -a vX.Y.Z -m "release X.Y.Z"
git push origin vX.Y.Z

  3. Create a GitHub Release using GitHub CLI:

    gh release create vX.Y.Z dist/* --title "vX.Y.Z" --notes "Release notes"

    Or create the release manually on GitHub and upload the files from the dist/ directory.

The release.sh script builds optimized binaries with -ldflags "-s -w" for smaller file sizes and automatically generates SHA256 checksums for each binary.

About

Nutvault is a lightweight Go CLI for securely managing environment variables. It lets you collect, fill, swap, and clear project secrets locally using an encrypted vault tied to the user's key.

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 2

v1.0.1 Latest
Dec 17, 2025
+ 1 release

Packages

No packages published

Languages