██████╗██╗ ██╗██████╗ ██████╗
██╔════╝██║ ██║██╔══██╗██╔═══██╗
██║ ██║ ██║██████╔╝██║ ██║
██║ ██║ ██║██╔══██╗██║ ██║
╚██████╗╚██████╔╝██║ ██║╚██████╔╝
╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝
Curo CLI
Centralized secrets management for teams — straight to your terminal.
name: curo npm: @curo/cli license: MIT curo.dev
Pull your Curo project secrets directly into .env from the terminal.
Never share secrets via email, Slack, or messaging apps again.
Table of Contents
- What is Curo?
- Why Use Curo?
- How It Works
- Installation
- Quick Start
- Usage
- Commands
- Keyboard Shortcuts
- Configuration
- What Gets Stored Locally
- Security Model
- Why a CLI Instead of a Web Dashboard?
- Requirements
- Troubleshooting
- Contributing
- Support
- License
What is Curo?
Curo is a centralized secrets management platform — think Doppler or HashiCorp Vault, but dead-simple to use.
You manage your secrets (API keys, database URLs, admin credentials, etc.) on curo.dev — create projects, invite your team, define environments, and assign access roles. This CLI pulls those secrets straight into your local .env file inside your project, so your application never needs to know where the secrets actually live.
Why Use Curo?
The Problem
How most teams share secrets today:
| Method | Risk |
|---|---|
| Email or Slack message | Stored forever in inboxes — any compromised account leaks everything |
| Shared spreadsheet | No audit trail, no access control, easily leaked |
| Messaging app (WhatsApp, Telegram, etc.) | Zero governance — anyone in the chat sees every secret |
| Pasting in meetings / screenshots | Visible to everyone on screen — no revocation |
.env files committed to Git |
A single accidental push exposes every credential |
Every one of these methods is insecure, unscalable, and unaccountable.
The Solution
Curo gives your team a single source of truth for every secret:
- Centralized — one place to create, update, and revoke secrets across all projects
- Role-based access — developers get read-only access to secret names; only admins can view or edit values
- Auditable — every access is authenticated, so you know exactly who pulled what and when
- No secret sharing — developers pull from Curo instead of asking each other for passwords
- Local only — secrets are written to your local
.env; Curo never stores or syncs it - Accidental-commit safe — works with your existing
.gitignored.envworkflow
How It Works
curo.dev (web app)
│
Create projects, add secrets,
invite your team
│
▼
┌──────────────────────────────┐
│ curo (open the CLI) │
│ │
│ /login authenticate │
│ /projects pick a project │
│ pull write .env │
└──────────────────────────────┘
│
▼
local .env file
- Sign up at curo.dev and create a project.
- Add secrets (database URL, API key, etc.) through the web dashboard.
- Invite your team and assign roles (developer / admin / viewer).
- Open the CLI by running
curoin your terminal. - Type
/loginto authenticate with your Curo account. - Type
/projectsto browse and select your project. - Press
Enterto open the project, then select pull .env — your.envis generated instantly. - Never manually handle a secret again. Remove a teammate from a project on curo.dev and their access is revoked instantly — no key rotation required.
Installation
Global install (recommended):
npm install -g @curo/cli
Or run on demand, without installing:
npx @curo/cli
Other package managers:
yarn global add @curo/cli
pnpm add -g @curo/cli
Quick Start
# Install
npm install -g @curo/cli
# Launch the interactive CLI
curo
# Inside the CLI interface:
# 1. /login → authenticate with your Curo account
# 2. /projects → select a project
# 3. Enter → open the project
# 4. pull .env → write secrets to ./.env
That's it — your .env is ready and your application can boot normally.
Usage
Running curo with no arguments launches the interactive terminal interface:
██████╗██╗ ██╗██████╗ ██████╗
██╔════╝██║ ██║██╔══██╗██╔═══██╗
██║ ██║ ██║██████╔╝██║ ██║
██║ ██║ ██║██╔══██╗██║ ██║
╚██████╗╚██████╔╝██║ ██║╚██████╔╝
╚═════╝ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝
╭──────────────────────────────────────────────╮
│ Type a command, e.g. "/projects" │
│ my-app · developer@company.com │
╰──────────────────────────────────────────────╯
type / for commands ↑↓ navigate enter select esc clear
● Tip Try /projects to browse your projects
Everything is keyboard-driven — type / to see the full command list, or just start typing to search.
Commands
All commands are typed inside the CLI interface.
| Command | Action |
|---|---|
/login |
Authenticate, or switch to a different account |
/projects |
Browse and select a project |
/settings |
View your profile, CLI version, and clear local data |
/logout |
Sign out and clear your local session |
Once a project is selected, press Enter to open it. Inside the project you'll see:
| Action | What it does |
|---|---|
| pull .env | Writes every secret to .env in the current directory |
| refresh | Reloads the secret list from the server |
pullalways replaces the full.envfile rather than merging keys. Backup your existing.envbefore pulling if you have custom entries.
Keyboard Shortcuts
| Key | Action |
|---|---|
↑ / ↓ |
Navigate lists / suggestion dropdown |
Enter |
Confirm selection |
Esc |
Go back / clear current input |
Ctrl+C |
Exit the application |
Configuration
| Environment Variable | Default | Description |
|---|---|---|
CURO_API_URL |
http://localhost:5000/api/v1 |
Override the backend API base URL (useful for self-hosted or staging environments) |
# Example: point the CLI at a staging environment
CURO_API_URL=https://api.staging.curo.dev/v1 curo
What Gets Stored Locally
The CLI stores only an authentication token on your machine — never any secret values.
| Platform | Location |
|---|---|
| macOS / Linux | ~/.config/curo/config.json |
| Windows | %APPDATA%\curo\config.json |
This token authenticates your API requests. Clear it any time via /settings → clear local data, or by running /logout.
No secrets are ever cached to disk by the CLI itself. Every
pullfetches secrets fresh from the server and writes them directly to.env. Delete the token file and you're completely signed out.
Security Model
| Concern | How Curo handles it |
|---|---|
| Token storage | Stored locally via a secure config store — never exposed outside the CLI process |
| API transport | Encrypted over HTTPS end-to-end (configurable via CURO_API_URL) |
| Auth expiry | Tokens expire and require periodic re-authentication |
Local .env |
Written to disk by the CLI — you own the file, not Curo |
| Secret visibility | Role-based — developers see names only, admins see values |
| Revocation | Remove a team member on curo.dev → their CLI access is revoked instantly |
| Compromised machine | Run /logout or clear local data — the token is invalidated server-side |
Why a CLI Instead of a Web Dashboard?
Secrets belong in your development environment, not in a browser tab. The CLI:
- Writes secrets directly to
.envwhere your app actually reads them - Works offline once authenticated, until the next
pull - Drops into your existing workflow (
curo pull && npm run dev) - Never touches browser history, cookies, or
localStorage
Requirements
- Node.js
>= 18 - npm, yarn, or pnpm
- A curo.dev account with at least one project
Troubleshooting
curo: command not found after install
Make sure your global npm bin directory is on your PATH. Run npm config get prefix and confirm <prefix>/bin is included in your shell's PATH.
pull overwrites my existing .env
The CLI always replaces the full .env file rather than merging keys. Back up your file before pulling if you have custom entries you want to keep.
Authentication keeps expiring
Tokens have a limited lifetime for security. Run /login again to re-authenticate — this is expected behavior, not a bug.
Need to fully reset the CLI
Run /settings → clear local data, or manually delete the config file listed in What Gets Stored Locally.
Contributing
Issues and pull requests are welcome. Please open an issue first for significant changes so we can discuss the approach before you put in the work.
git clone https://github.com/curo-dev/cli.git
cd cli
npm install
npm run build
npm start
Support
- Docs: curo.dev/docs
- Issues: github.com/curo-dev/cli/issues
- Email: support@curo.dev
License
MIT Curo