zekerkey
v0.1.7
Published
ZekerKey CLI — copy, list, export, and inject vault credentials
Downloads
1,278
Maintainers
Readme
zekerkey
ZekerKey CLI — copy, list, export, and run commands with encrypted API credentials from your vault.
Install
npm install -g zekerkeyRequires Node.js 20+.
Quick start
zeker login
zeker unlock
zeker projects
zeker list --project "My App"
zeker copy --project "My App" stripe
zeker run --project "My App" -- npm run devInteractive shell with env loaded (replaces eval $(zeker inject)):
zeker shell --project "My App"Commands
| Command | Description |
|---------|-------------|
| zeker login | Sign in with your ZekerKey email and password |
| zeker unlock | Unlock vault with master password (per shell session) |
| zeker logout | Clear local session |
| zeker projects | List personal and team projects |
| zeker list --project <name> | List credentials |
| zeker copy --project <name> <service> | Copy key to clipboard (fuzzy match) |
| zeker export --project <name> | Write .env file |
| zeker run --project <name> -- <cmd> | Run command with env injected (CI-safe) |
| zeker shell --project <name> | Interactive shell with env injected |
| zeker inject --project <name> | Legacy shell exports (blocked in CI by default) |
| zeker policy | Show local security policy |
| zeker policy init --strict | Team policy: block reveal + inject |
Run zeker help for full options.
CI
Use zeker export or zeker run — never eval $(zeker inject). See examples/github-actions-zeker.yml.
zeker inject is blocked automatically in CI unless you pass --allow-unsafe-inject.
Team policy
On shared machines or during screen shares:
zeker policy init --strictThis writes ~/.zeker/policy.json to disable --reveal and inject. Use zeker copy instead.
Security
- Firebase client IDs are built into the CLI (public, same as the web app).
- Your master password is never written to disk.
- Session tokens use owner-only permissions (
~/.zeker/session.json).
Changelog
See CHANGELOG.md.
