npm.io
2.5.1 • Published yesterdayCLI

jseeqret

Licence
MIT
Version
2.5.1
Deps
7
Size
298 kB
Vulns
0
Weekly
0
Stars
2

jseeqret

cicd codecov npm version Socket Badge downloads

JavaScript/Electron/Svelte 5 port of seeqret - a secure secrets manager.

Fully compatible with Python seeqret vaults - reads and writes the same database, encryption keys, and formats.

Exchanging Secrets Between Users

Secret exchange between Alice and Bob

Each user has their own vault with a keypair (X25519). The introduction command outputs a ready-to-paste add user command containing the user's public key. The export -s command serializer outputs one jseeqret load command per secret — encrypted with the recipient's public key, safe to send over Slack or email.

Installation

npm (library + CLI)
npm install -g jseeqret
Windows installer

Download the signed installer from the latest release.

The installer ships the GUI only and does not add the jseeqret command to your PATH -- the GUI covers the full onboarding flow, so a terminal is never required. If you also want the CLI (e.g. for scripting invites/approvals), install it separately with npm install -g jseeqret.

CLI Usage

# Initialize a new vault
jseeqret init . --user myuser --email user@example.com

# Add a secret
jseeqret add key DB_PASSWORD "s3cret" --app myapp --env prod

# List secrets
jseeqret list
jseeqret list -f "myapp:prod:*"

# Get a secret value
jseeqret get "myapp:prod:DB_PASSWORD"

# Edit a secret
jseeqret edit value "myapp:prod:DB_PASSWORD" "new-value"

# Remove a secret
jseeqret rm key "myapp:prod:DB_PASSWORD"

# User management
jseeqret users
jseeqret owner
jseeqret whoami
jseeqret public-key

# Multi-vault management
jseeqret vault add myvault /path/to/vault
jseeqret vault use myvault
jseeqret vault list

# Export/import
jseeqret backup -o vault.html   # password-protected, self-decrypting HTML
jseeqret export --to otheruser
jseeqret load -f export.json
jseeqret env                    # generate .env from template
jseeqret importenv .env         # import .env file

Library API

import { get, get_sync, init, close } from 'jseeqret'

// Async
const value = await get('myapp:prod:DB_PASSWORD')

// Sync
const value = get_sync('myapp:prod:DB_PASSWORD')

Electron GUI

pnpm dev       # development with hot reload
pnpm build     # production build
pnpm dist:nsis # build signed Windows installer

Architecture

  • src/core/ - Shared library (crypto, storage, models, API)
  • src/cli/ - CLI interface (Commander.js)
  • src/main/ - Electron main process
  • src/preload/ - Electron preload (IPC bridge)
  • src/renderer/ - Svelte 5 UI with runes

Encryption

  • At rest: Fernet (AES-128-CBC + HMAC-SHA256) - identical to Python cryptography.fernet
  • In transit: X25519 + XSalsa20-Poly1305 via tweetnacl - compatible with PyNaCl

Dependencies

  • sql.js - Pure JS SQLite (WASM, no native bindings)
  • tweetnacl / tweetnacl-util - NaCl crypto
  • commander - CLI framework
  • cli-table3 - Terminal tables
  • electron-vite - Electron + Vite + Svelte 5

License

MIT

Keywords