Is Passkeys CLI secure for storing sensitive passwords?

Yes, Passkeys CLI uses AES-GCM authenticated encryption with Argon2 key derivation function. Your master password never leaves your machine, and all encryption happens locally with zero-knowledge architecture.

What platforms does Passkeys CLI support?

Passkeys CLI runs on macOS, Linux, and Windows. It requires Python 3.9+ and works in any terminal environment.

How does Passkeys CLI compare to other password managers?

Unlike cloud-based password managers, Passkeys CLI is local-first, open-source, and designed specifically for developers. It integrates seamlessly into terminal workflows and provides enterprise-grade encryption.

Can I sync my passwords across devices?

Yes, you can sync your encrypted vault via git repositories or your preferred cloud storage provider. The vault remains encrypted at all times.

Passkeys CLI - Secure Password Manager for Developers

v1.0 is now available

Secure Password Manager
for Developers

Stop storing credentials in plain text. Use Passkeys CLI to encrypt, manage, and access your secrets directly from your terminal workflow.

Download CLI View Source

passkeys — bash — 80x24

╔════════════════════════════════════════╗
║  Passkeys CLI - Main Menu              ║
╠════════════════════════════════════════╣
║  1. View passkeys                      ║
║  2. Create passkey                     ║
║  3. Update passkey                     ║
║  4. Delete passkey                     ║
║  5. Generate password                  ║
║  6. Exit                               ║
╚════════════════════════════════════════╝

➜Choose an option: 1

Your Passkeys

Service

Username

55cad2bf-05d3-4d1a-9163-70bad704482f

aws-prod-db

admin_root

ID: 55cad2bf-05d3-4d1a-9163-70bad704482f

Service: aws-prod-db

User: admin_root

a04c1af5-d23f-4562-8b78-416223736651

stripe-api

payments-svc

ID: a04c1af5-d23f-4562-8b78-416223736651

Service: stripe-api

User: payments-svc

a6e722d5-4333-49cb-a57c-19af7b79d8e1

redis-cache

cache-worker

ID: a6e722d5-4333-49cb-a57c-19af7b79d8e1

Service: redis-cache

User: cache-worker

2926f0bc-e9c2-4336-9e03-8e0849459d03

github-ci

build-bot

ID: 2926f0bc-e9c2-4336-9e03-8e0849459d03

Service: github-ci

User: build-bot

e1d8e6d1-f80b-484e-b7b9-31a9e4b2b9e0

openai-api

api-key

ID: e1d8e6d1-f80b-484e-b7b9-31a9e4b2b9e0

Service: openai-api

User: api-key

➜~

Enterprise-Grade Security

Built with modern cryptography standards to ensure your data stays yours. No compromises on security or usability.

AES-GCM Encryption

Authenticated encryption with associated data (AEAD) ensures confidentiality and data integrity for every secret stored.

Argon2 KDF

Winner of the Password Hashing Competition. Highly resilient against GPU-based brute-force attacks and side-channel exploits.

Cross-Platform

Write once, run everywhere. Seamless experience across macOS, Linux, and Windows terminals with consistent keybindings.

Zero-Knowledge

We never see your master password or keys. Your vault is decrypted only in memory on your local machine.

Local-First

Your data lives on your disk. Sync optionally via encrypted git repositories or your own cloud storage provider.

Audit Logging

Comprehensive immutable logs track every access, modification, and export event for compliance and security auditing.

Get started in seconds

Passkeys CLI is distributed as a Python package. Install it globally and initialize your first vault with a single command.

Requires Python 3.9+

Open Source (MIT)

bash

$pip install passkeys-cli

$passkeys-cli

Our Security Philosophy

We believe that developer tools should be secure by default, not by configuration. Passkeys CLI is architected around the principle that your secrets are most vulnerable when they leave your machine. By keeping encryption local and utilizing memory-safe handling for sensitive buffers, we minimize the attack surface significantly compared to cloud-native alternatives.

Why Argon2id?

We chose the Argon2id variant for Key Derivation because it provides a hybrid resistance against both side-channel attacks and GPU cracking farms. This ensures that even if your encrypted vault file is stolen, brute-forcing the master password remains computationally prohibitive.

Frequently Asked Questions

Common questions about Passkeys CLI security, features, and usage