Encrypted clipboard history manager with AES-256 encryption and fuzzy search.
clipvault is a powerful, security-first CLI tool that keeps an encrypted history of everything you copy to the clipboard. All entries are protected with AES-256-GCM encryption using a master password — even if someone steals your database file, they can't read your clipboard history without the key.
- AES-256-GCM Encryption — Every clipboard entry encrypted at rest with authenticated encryption
- Auto-detect Sensitive Data — Flags credit cards, API keys, JWTs, SSH keys, passwords automatically
- Fuzzy Search — Find past clipboard entries even if you only remember a few words
- Categories — Organize entries as
code,url,secret,note,work,personal - Daemon / Watch Mode — Automatically capture everything you copy in the background
- Export — Decrypt and export your vault to JSON or plain text
- Purge Controls — Delete entries older than N days or clear the entire vault
- Rich Terminal UI — Beautiful tables, panels, and progress indicators via Rich
pip install clipvault-cliOr install from source:
git clone https://github.com/shazeus/clipvault
cd clipvault
pip install -e .# Set your master password (or enter it interactively each time)
export CLIPVAULT_PASSWORD="your-master-password"
# Add current clipboard contents
clipvault add
# Add specific text
clipvault add "my secret text" --category secret
# Add from stdin
echo "hello world" | clipvault add --stdin
# List recent history
clipvault list
clipvault list --limit 50 --category code
# Get and optionally copy a specific entry
clipvault get 42
clipvault get 42 --copy
# Fuzzy search
clipvault search "github token"
clipvault search "api key" --copy # copies top result
# Watch clipboard in daemon mode
clipvault watch
clipvault watch --interval 0.5 --category work
# Show vault statistics
clipvault stats
# Delete an entry
clipvault delete 42
# Purge old entries
clipvault purge --days 7
clipvault purge --all
# Export vault
clipvault export output.json
clipvault export output.txt --format txt --category code| Command | Description |
|---|---|
add [TEXT] |
Encrypt and save text to the vault (reads clipboard if no text given) |
list |
Display clipboard history in a formatted table |
get ID |
Decrypt and display a specific entry; optionally copy to clipboard |
search QUERY |
Fuzzy-search entries by content |
delete ID |
Remove an entry from the vault |
watch |
Daemon mode — auto-capture clipboard changes in real time |
stats |
Show vault statistics and category breakdown |
purge |
Remove old entries (by age or clear all) |
export FILE |
Decrypt and export the vault to JSON or plain text |
| Environment Variable | Description | Default |
|---|---|---|
CLIPVAULT_PASSWORD |
Master encryption password | (prompt) |
CLIPVAULT_DB |
Path to the SQLite database file | ~/.clipvault/history.db |
clipvault automatically detects and flags the following:
- Credit card numbers (Visa, Mastercard, Amex)
- API keys (
sk-,pk-,api_key, etc.) - AWS access key IDs (
AKIA…) - SSH/RSA private keys
- JWT tokens
- Password fields (
password=…) - Email addresses and phone numbers
- Keywords:
secret,token,credential,auth
Sensitive entries are marked with a red ⚠ badge in the list view.
MIT © shazeus