Secure Token Management for Modern Teams
TokenCap is an obsidian-grade CLI tool designed to simplify how developers manage environment secrets and API tokens. It provides a local-first, low-latency interface to securely inject, rotate, and redact sensitive information across your entire stack.
Built for Performance
TokenCap operations complete in sub-10ms, ensuring zero impact on your build pipelines.
Installation
Install the global CLI using your preferred package manager.
Getting Started
Initializing your first workspace takes seconds. Run the init command to create your local vault.
Step 1: Init
Create your project-specific encryption key and .tokencap registry.
tokencap initStep 2: Make
Scan your environment and safely package tokens into local storage.
tokencap makeCLI Usage
Powerful commands for high-performance development workflows.
[14:02:45] Found change in .env.local
[14:02:45] SUCCESS Tokens updated and encrypted.
Open the global interactive configuration panel.
Configuration
Customize TokenCap using a .tokencaprc file in your root directory.
{
"version": "2.4.0",
"encryption": {
"algorithm": "aes-256-gcm",
"key_provider": "local-keyring"
},
"profiles": {
"development": {
"auto_rotate": true,
"mask_secrets": true,
"allowed_hosts": ["localhost", "*.test"]
},
"production": {
"mfa_required": true,
"audit_logs": "/var/logs/tokencap.log"
}
},
"redaction": {
"patterns": ["password", "secret", "token_key"]
}
}Secret Redaction
Never leak a token in your logs again. TokenCap intercepts stdout and masks sensitive data patterns automatically.
Troubleshooting
Command 'tokencap' not foundexpand_more
echo $PATH.Keyring access deniedexpand_more
libsecret-1-dev is installed.