A professional command-line tool for securely storing and managing sensitive information such as API keys, access tokens, and service credentials. All data is encrypted using AES-256-GCM and stored locally.
- π AES-256-GCM encryption with scrypt key derivation (N=32768, r=8, p=1)
- π Master password protection - never stored, only hashed
- π On-demand unlock - prompts for password when needed, no manual unlock required
- π Project-based organization - group secrets by application/service
- π Clipboard integration with automatic clearing after TTL
- π Search functionality for quick access across all projects
- π Environment file export (.env generation) for development workflows
- π Cross-platform support (macOS, Linux, Windows)
- π Secure file permissions - vault files created with 0600 permissions
- Memory safety: Sensitive data cleared from memory immediately after use
- No password storage: Only password hash stored for verification
- No session persistence: Password required for each vault operation (stateless)
- Secure vault location:
- macOS/Linux:
~/.uzp/uzp.vault - Windows:
%USERPROFILE%\.uzp\uzp.vault
- macOS/Linux:
# NPM (Recommended)
npm install -g uzp-cli
# Alternative package managers
yarn global add uzp-cli # Yarn
pnpm add -g uzp-cli # PNPM
bun add -g uzp-cli # Bun
# Manual installation
git clone https://github.com/hungnguyen18/uzp-cli.git
cd uzp-cli && go build -o uzp
# NPM Registry Configuration (if needed)
cp .npmrc.example .npmrc # Edit for custom registries# 1. Check installation
uzp -v # Verify installation
# 2. Initialize vault with master password
uzp init
# 3. Add your first secret
uzp add
# Project: myapp
# Key: api_key
# Value: sk-1234567890abcdef
# 4. Use your secrets
uzp get myapp/api_key # Display secret
uzp copy myapp/api_key # Copy to clipboard
uzp inject -p myapp > .env # Export as .env file| Command | Description | Example |
|---|---|---|
uzp init |
Initialize new vault | uzp init |
uzp add |
Add a secret | uzp add |
uzp get <project/key> |
Get secret value | uzp get myapp/api_key |
uzp copy <project/key> |
Copy to clipboard | uzp copy myapp/api_key |
uzp update <project/key> |
Update existing secret | uzp update myapp/api_key |
uzp list |
List all secrets | uzp list |
uzp search <keyword> |
Search secrets | uzp search api |
uzp inject -p <project> |
Export to .env format | uzp inject -p myapp > .env |
uzp reset |
Delete all data | uzp reset |
uzp -v, --version |
Show version information | uzp -v |
UZP-CLI follows security-first principles:
- π Encryption: AES-256-GCM with random salts and nonces
- π Key Derivation: scrypt with secure parameters (N=32768, r=8, p=1)
- π‘οΈ Password Protection: Master password never stored, only its hash
- π§Ή Memory Safety: Sensitive data cleared from memory after use
- π File Permissions: Vault files created with 0600 (user-only access)
- π Clipboard Safety: Automatic clearing after configurable TTL
β οΈ Never share your master password- π Keep your vault file secure and backed up
- π Use a strong, unique master password (12+ characters recommended)
- π« Don't store your master password in scripts or files
For security issues, see our Security Policy.
# Check version and initialize
uzp -v # Check installed version
uzp init # Initialize vault
# Add secrets
uzp add # myapp/api_key
uzp add # myapp/database_url
uzp add # aws/access_key_id
# Use secrets in development
uzp inject -p myapp > .env.local
uzp inject -p aws > aws.env
uzp copy myapp/api_key
# Search and manage
uzp list # View all secrets
uzp search database # Find specific secrets
uzp update myapp/api_key # Update existing values# Export project secrets
uzp inject -p myapp > .env
# Multiple environments
uzp inject -p myapp > .env.local
uzp inject -p myapp-prod > .env.production
# Preview before export
uzp inject -p myappGenerated .env format:
# Environment variables for project: myapp
# Generated by uzp
API_KEY=your_secret_value
DATABASE_URL=postgresql://user:pass@host:5432/dbNew contributors: Get started quickly with the Quick Start section in our Contributing Guide! β‘
Our Contributing Guide covers everything from 5-minute setup to comprehensive development practices, security requirements, and submission process.
Thank you for helping make UZP-CLI more secure! π
Release Information:
- π Latest: Check GitHub Releases for newest version
- π Schedule: Monthly minor releases, patches as needed for critical bugs
- π¦ Versioning: Follows Semantic Versioning (vMAJOR.MINOR.PATCH)
- π Notes: Detailed release notes with features, fixes, and contributor credits
# Check your installed version
uzp -v # Short form
uzp --version # Long form
# Update to latest version
npm update -g uzp-cliGet Help:
- π Bug Reports - Report issues
- π‘ Feature Requests - Suggest improvements
- β Questions - Ask the community
- π Security Issues - Private security reporting
Resources:
- π Contributing Guidelines - Development and contribution guide
- π Security Policy - Security practices and vulnerability reporting
- π¦ NPM Package - Official package
- ποΈ Technical Docs - Internal documentation for maintainers
- π License - MIT License
UZP-CLI - Your secrets, secured locally. π