npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@redredchen01/secret-mgmt

v1.0.0

Published

Secret management CLI — generate, rotate, store, fetch, audit, share, revoke

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

redredchen01redredchen01

Keywords

claude-codeskillclisecretssecurityencryptionpasswordtoken

Readme

@redredchen01/secret-mgmt

Secret management CLI — generate, rotate, store, fetch, audit, share, revoke

npm version License: MIT

Install

npm install -g @redredchen01/secret-mgmt

Quick Start

# Generate a random password
secret-mgmt generate

# Store a secret (prompts for encryption password)
secret-mgmt store --name db-pass --value "s3cr3t"

# Retrieve it
secret-mgmt fetch --name db-pass

# Rotate it
secret-mgmt rotate --name db-pass

# Audit all secrets
secret-mgmt audit

# Share a secret with a colleague
secret-mgmt share --name api-key

# Revoke (delete) a secret
secret-mgmt revoke --name old-token

Environment Variables

| Variable | Purpose | |----------------------|------------------------------------------------------| | FOUNDRY_SECRET_PASS| Default encryption/decryption password (avoid shell history) |

Commands

generate — Generate random secret

Generate a cryptographically random secret using openssl rand (with /dev/urandom fallback).

secret-mgmt generate
secret-mgmt generate --type token --length 64
secret-mgmt generate --type uuid
secret-mgmt generate --type password --no-special --count 5
secret-mgmt generate --type hex --length 16 --json

Options: --type TYPE, --length N, --no-special, --count N, --json

Supported types: password (default), token, uuid, hex, base64

store — Store encrypted secret

Encrypt and store a secret using AES-256-CBC with PBKDF2 key derivation.

secret-mgmt store --name db-pass --value "s3cr3t"
echo "s3cr3t" | secret-mgmt store --name db-pass
FOUNDRY_SECRET_PASS=mypass secret-mgmt store --name token --value "abc"

Options: --name NAME, --value VALUE, --store DIR, --password PASS, --json

Default store: .secrets/ (created automatically, mode 700)

fetch — Retrieve encrypted secret

Decrypt and print a stored secret to stdout.

secret-mgmt fetch --name db-pass
secret-mgmt fetch --name api-key --json

Options: --name NAME, --store DIR, --password PASS, --json

rotate — Rotate a secret

Generate a new value for an existing secret. The old encrypted file is archived as {name}.{timestamp}.enc.

secret-mgmt rotate --name db-pass
secret-mgmt rotate --name api-key --type token --length 64

Options: --name NAME, --store DIR, --type TYPE, --length N, --password PASS, --json

audit — Audit secret ages

Report all secrets in the store with their age in days. Flags EXPIRED (>= max-age) and STALE (>= max-age/2).

secret-mgmt audit
secret-mgmt audit --max-age 30 --json

Options: --store DIR, --max-age DAYS (default: 90), --json

share — Share secret securely

Re-encrypt a stored secret with a separate password into a portable standalone file for sharing.

secret-mgmt share --name api-key
secret-mgmt share --name db-pass --output /tmp/db-pass.shared.enc --share-password "recipient-pass"

Recipient decrypts with:

openssl enc -d -aes-256-cbc -pbkdf2 -in {name}.shared.enc

Options: --name NAME, --store DIR, --output FILE, --password PASS, --share-password P, --json

revoke — Revoke secret

Securely delete a secret. Uses shred(1) if available; falls back to random-data overwrite before rm.

secret-mgmt revoke --name old-api-key
secret-mgmt revoke --name db-pass --force

Options: --name NAME, --store DIR, --force, --json

Security Notes

  • Encryption: AES-256-CBC with -pbkdf2 (falls back to -md sha256 on older openssl)
  • Passwords are never logged or echoed to stderr
  • Password prompts read from /dev/tty to allow piped usage
  • Store directory is created with mode 700; secret files with mode 600
  • revoke uses shred -u -z when available for secure deletion

JSON Output (Pipe Protocol)

All commands support --json for structured output compatible with the Skill Foundry pipe protocol:

secret-mgmt generate --type token --json | some-other-tool
secret-mgmt audit --json | jq '.data.expired'

License

MIT