A secret management tool that helps you manage and inject secrets into your environment. Supports 1Password CLI, Vault and shell commands.

You can install psst in several ways:

npm install -g @lucaconlaq/psst

npx @lucaconlaq/psst

mise is a modern version manager that makes it easy to manage multiple versions of tools. To install psst with mise:

mise use npm:@lucaconlaq/psst

This is the recommended way to install psst as it provides better version management and isolation.

Open the interactive console to manage your secrets:

psst

Run any command with your secrets injected into its environment:

psst <any command>

# Open a shell with secrets
psst zsh

# Run a development server
psst npm run dev

# View injected secrets
psst env

# Use secrets in a shell command
psst sh -c 'echo $A_SECRET'

psst looks for a config file in this order:

1. Use PSST_CONFIG if it is set.
2. Look for psst.json or .psst.json in the following locations:
   • Current directory
   • Parent directories (up to and including the home directory)
3. If no configuration file is found, use .psst.json in the current directory.

If the file does not exist, it will be created when the first secret is added via the console.

Example config:

{
  "API_KEY": {
    "source": "op",
    "value": "op://vault/item/field"
  }
}

This tool has only been tested on macOS. While it may work on other Unix-like systems, it hasn't been thoroughly tested on them.