stechstudio / keep
Toolkit for collaborative, secure management of secrets across applications, environments, and teams.
Installs: 22
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/stechstudio/keep
Requires
- php: ^8.3
- ext-readline: *
- ext-sodium: *
- illuminate/console: ^12.0
- illuminate/container: ^12.0
- illuminate/support: ^12.0
- laravel/prompts: ^0.3.0
- symfony/console: ^7.0
- vlucas/phpdotenv: ^5.6
Requires (Dev)
- aws/aws-sdk-php: ^3.354
- laravel/pint: ^1.24
- mockery/mockery: ^1.5
- pestphp/pest: ^4.0
- phpstan/extension-installer: ^1.3
- phpstan/phpstan: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpunit/phpunit: ^12.0
- symfony/var-dumper: ^7.3
Suggests
- aws/aws-sdk-php: Required to use AWS SSM and Secrets Manager vault drivers.
This package is auto-updated.
Last update: 2025-10-11 15:41:27 UTC
README
Keep is your toolkit for secure, collaborative management of application secrets across environments and teams.
Key Features
- 🔐 Multi-Vault Support - AWS SSM Parameter Store and AWS Secrets Manager
- 🖥️ Web UI - Local browser-based interface for visual secret management
- 🚀 Interactive Shell - Context-aware shell with tab completion for rapid secret management
- 🌍 Environment Isolation - Separate secrets by environment (local, staging, production)
- 📝 Template Management - Create, validate, and process templates with placeholders
- 🔄 Bulk Operations - Import, export, copy, and diff secrets across environments
- 🤝 Team Collaboration - Share secret management with proper access controls
- ⚙️ CI/CD Ready - Export secrets for deployment pipelines
- 🚀 Runtime Injection - Execute processes with injected secrets (no disk writes)
Quick Example
# Install composer require stechstudio/keep # Initialize ./vendor/bin/keep init # Interactive shell - the fastest way to work ./vendor/bin/keep shell # Set a secret ./vendor/bin/keep set DB_PASSWORD "secret" --env=production # Export to .env ./vendor/bin/keep export --env=production --file=.env # Create template from existing secrets ./vendor/bin/keep template:add --env=production # Use template with placeholders to generate .env file ./vendor/bin/keep export --env=production --template=env/production.env --file=.env # Runtime injection - execute with secrets, no .env file created ./vendor/bin/keep run --vault=ssm --env=production -- npm start
Interactive Shell
The Keep shell provides a context-aware environment for managing secrets:
$ ./vendor/bin/keep shell Welcome to Keep Shell v1.0.0 ssm:local> use production Switched to: ssm:production ssm:production> set API_KEY Value: ******** ssm:production> copy API_KEY staging ✓ Copied API_KEY to staging ssm:production> diff staging production │ Key │ staging │ production │ Status │ ├─────────┼─────────┼────────────┼────────┤ │ API_KEY │ abc... │ abc... │ ✓ │
Web UI
Keep includes a modern web interface for visual secret management:
# Start the web server ./vendor/bin/keep server # Custom port (default: 4000) ./vendor/bin/keep server --port=8080 # Don't auto-open browser ./vendor/bin/keep server --no-browser
The Web UI provides:
- Visual secret management with search and filtering
- Diff matrix view comparing secrets across environments/vaults
- Export functionality with live preview
- Import wizard for .env files with conflict resolution
- Settings management for vaults and environments
- Real-time validation and error handling
Documentation
📚 Full documentation available at https://stechstudio.github.io/keep/
- Installation & Configuration
- Interactive Shell Guide
- Deployment & Runtime
- AWS Authentication
- CLI Reference
License
The MIT License (MIT). Please see License File for more information.