Tagline: Sync your secrets securely, SSH-style. 🔐
KeySync is a free, developer-first tool designed for remote teams to manage environment variables and secrets securely. It uses SSH keys as identity, ensuring that only authorized team members can decrypt and access secrets.
Zero Knowledge: The server never sees plaintext secrets. Local-First: Encryption happens on your machine.
Current Phase: Repo Setup & Architecture Plan
See detailed documentation in the goal/ folder:
goal/keysync.txt- Core philosophy & overviewgoal/tech-stack.txt- Go & age encryption stackgoal/plan.txt- Build roadmapgoal/api.txt- CLI & API referencegoal/analytics.txt- Metadata-only analytics plan
One-line install (Mac & Linux):
curl -sL https://raw.githubusercontent.com/thejamesnick/keysync/main/install.sh | bashOr install from source:
go install github.com/thejamesnick/keysync@latest# 1. Setup your identity
keysync generate --email me@example.com # (If you don't have keys)
keysync signup --email me@example.com --me # Auto-finds your key
# 2. Create a project
keysync init
# 3. Add team members (Magic!)
keysync add-key github:username # Import from GitHub
keysync add-key --me # Add yourself quickly
keysync add-key bob.pub # Or use a file
# 4. Push encrypted secrets
keysync push # Encrypts .env -> secrets.enc
keysync pull # Decrypts secrets.enc -> .envFind your own keys:
keysync whoami- Authentication: Challenge-response via SSH keys. No passwords.
- Access Control: Per-project/environment authorization.
- Uses age / Go crypto libraries.
- Secrets are encrypted independently for every authorized public key.
- Server stores only encrypted blobs.
KeySync is built in public. Check out our Build Plan to see what we're working on next.
MIT License © 2026 KeySync