Vaultix Docs

Documentation

Vaultix is a fully zero-knowledge, client-side encrypted secret manager designed for modern development teams. Securely manage environment variables, API keys, and certificates without ever exposing them to the server.

Zero-Knowledge

We never see your secrets. Encryption happens entirely on your machine.

CLI Driven

Inject secrets directly into your processes. No more .env files on disk.

🚀 Key Features

  • End-to-End Encryption

    Secrets are encrypted client-side using Libsodium (Argon2id + XChaCha20-Poly1305). Only you hold the decryption keys.

  • Developer-First CLI

    Standalone tool to inject secrets into your dev environment or CI/CD pipelines at runtime.

  • Secure Team Sharing

    Collaborate on vaults using public-key cryptography. Individual vault keys are re-encrypted for each member.

  • Zero-Knowledge Architecture

    The server acts strictly as an encrypted storage engine. We cannot access your data.

📦 CLI Installation

1macOS / Linux

curl -fsSL https://raw.githubusercontent.com/tsiresymila1/vaultix/main/cli/install.sh | sh

2Windows (PowerShell)

iwr -useb https://raw.githubusercontent.com/tsiresymila1/vaultix/main/cli/install.ps1 | iex

🛠 Basic Usage

1. Authenticate

Log in to link your local CLI with your Vaultix account.

$vaultix login

2. Initialize Project

Navigate to your project folder and link it to a vault.

$vaultix init

3. Run with Secrets

Inject secrets directly into your application command. Variables are only available in memory.

$vaultix run -- npm start

4. Export .env (Optional)

If you need a traditional .env file for legacy tools.

$vaultix export --env Production > .env

🔐 Security Model

Deep Dive into Zero-Knowledge

Vaultix uses a multi-layered cryptographic approach to ensure total data sovereignty:

  • KDF (Argon2id)

    Your master password is never sent. It's hashed locally with 64MB of memory to derive your Master Key.

  • Identity (X25519)

    Every user has a Curve25519 keypair. Private keys are stored in Vaultix, but are encrypted with your Master Key.

  • Vault Keys

    Vaults have unique symmetric keys (XChaCha20). When shared, this key is encrypted with the recipient's public key.