Stash - The friendly secret storage made for teams
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Logo Stash - Team secret management made simple

Build Status

Stash is a graphical password and secret storage and management tool designed for collaboration, security and ease-of-use.

It features full end-to-end encryption and does not require a server component, giving you full control over who is able to access your secrets.

Stash will always be fully open-source without any subscriptions, "premium" features or hidden gotchas. You are free to use Stash in any environment, including commercially, as long as you respect the GPL license.


  • Desktop application for Windows/Linux/Mac
  • Asymmetric end-to-end encryption using RSA and AES256
  • No server component required, secrets are stored and versioned by a simple git repository
  • Stores login credentials or any type of secret files
  • Fully featured user and access rights management
  • Git-based data integrity protection and audit log
  • Batteries included: No external tools, complex setup or command line usage required


Download the latest release from the releases page: GitHub release .

For Debian or Ubuntu, add our Bintray repository to your sources, then install the package:

sudo apt-key adv --keyserver hkp:// --recv-keys 379CE192D401AB61
echo "deb stable main" | sudo tee -a /etc/apt/sources.list
sudo apt update && sudo apt install stash-electron

Official Arch Linux packages are available in AUR named stash-electron and stash-electron-git.

Development snapshots are available for all platforms by installing the stash-electron-git package or downloading from the snapshots repository: Download

Getting started

Stash requires a git repository to store its data. It is highly recommended to use a private, password-protected repository. All data is encrypted, the server owner will never get access to your secrets. Some free choices:

  •, free private repository for up to 5 users
  • Perforce Helix TeamHub, free private repository for up to 5 users
  •, unlimited free private repositories
  • Self-hosted: Run git init --bare on any accessible server

After creating the git repo, run Stash and navigate to the Settings page.

  1. Clone your repository to an empty folder by clicking Add, then selecting the Clone option.
  2. Configure your private key by clicking the highlighted Account status icon in the top right corner. You may either load an existing private key (e.g. SSH key, all formats incl. Putty supported), or generate a new key by clicking the button. You should always password-protect your private key.
    ⚠️ Your private key is your access pass to your secrets. If you lose your key, you lose access to all your secrets, and there is no way of recovery. So keep your key safe and secure, back it up and never share it with anyone!
  3. Add yourself to the list of known users on the Users page (add user -> use my key). All users and public keys must be known to Stash. Do not forget to save your changes.
  4. Open the Browser page and initialize the repository permissions by authorizing yourself on the root folder: Right-click on the root folder, select Permissions, toggle your user and confirm with Save.
  5. Your repository is now fully set up and ready for you to start creating folders and secrets!
  6. Every change you make automatically creates a git commit. Use the flashing icon in the top right to push/share your changes.


Stash is a Node.js/React application running on Electron. To start development, you will need a recent Node.js/npm installation.


First, clone the repo via git:

git clone stash-electron

And then install dependencies with npm.

cd stash-electron
npm install


Start the app in the dev environment. This starts the renderer process in hot-module-replacement mode and starts a webpack dev server that sends hot updates to the renderer process:

npm run dev


To package apps for the local platform:

npm run package

To package apps for all platforms:

First, refer to Multi Platform Build for dependencies.


npm run package all


Versioning is done automatically based on git tags and commits. You should never have to set the version in package.json manually. Every git commit on master publishes a snapshot release to bintray.

To create a final release, follow these steps to ensure the release is published correctly:

  1. Follow the guidelines of (Semantic Versioning)[] to determine a version number.
  2. Ensure is complete, then update the release date and version and push the changes.
  3. Wait for the Travis build to complete and publish a snapshot.
  4. Perform any necessary tests on the snapshot version.
  5. Draft a new Github release, using vx.y.z as the tag name and x.y.z as the release name.
  6. After Travis has uploaded the files, copy the notes from and publish the release.


GPLv3 © M. Piepkorn