Hush, let an AI agent use your secrets without ever seeing them

Hush is a secret store for AI agents, designed so that agents can use API keys, tokens, and other secrets without ever seeing the plaintext. It leverages native OS keychains (macOS Keychain, Linux libsecret, Windows DPAPI) to store secrets and injects them into commands on-demand, ensuring secrets never appear in transcripts.

Source: Hacker News AI. Author: royashbrook

If you were handed this repo's URL, install it yourself, then follow the playbook. Get the hush script onto the box and read SKILL.md; that's the whole onboarding (it covers store / mint / inject and how to adopt hush in the repo you're working in). The script is one self-contained bash file; put it wherever your agent loads tools, or just on your PATH:

    git clone https://github.com/royashbrook/hush
    chmod +x hush/hush
    # then put hush/hush on your PATH, or move it into your agent's skills/tools dir

Or run it straight from npm without cloning: npx @royashbrook/hush (macOS/Linux; on Windows use the clone, because the orchestrator is bash).

Claude Code convenience (auto-loads as a skill): clone straight into the skills dir instead. For the whole session: git clone https://github.com/royashbrook/hush ~/.claude/skills/hush. For one project: ./.claude/skills/hush. Other agents: see AGENTS.md.

That's it: the human points you here and says "use the hush skill," and you take it from here. The one thing only a human can do is paste a secret they hold: when you hit that, run hush set and a hidden dialog pops up on their screen (you never see the value).

install (humans)

Same clone as above, or just grab the single hush script and put it on your PATH.

Backends: macOS Keychain, Linux libsecret (secret-tool), and Windows DPAPI (via PowerShell) are built in. On other platforms keep the same contract with your OS secret store (see SKILL.md). Cross-OS tested in CI (manual workflow_dispatch, all three runners).

quick start

    hush set my-vendor-token                        # paste a value you hold (hidden prompt)
    printf '%s' "$TOK" | hush set my-vendor-token   # ...or pipe it in (scripts/CI), still off argv
    hush mint app-operator-key                      # generate + store a random one
    hush run TOKEN=my-vendor-token -- some-cmd      # inject into a command, never printed
    hush list                                       # names only, never values

Naming: keep the default hush namespace and prefix names by project (blame-cf-token, lifescored-gemini-key) so one keychain search for hush finds everything. HUSH_NS is only for a genuinely separate store, not per-project. Need to fix an existing name? hush rename moves the value internally (never re-asked, never printed). Full docs + the portable contract: SKILL.md.
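The store / mint / inject contract from the quick start, sketched as an added example (not hush's code and not taken from the repo). `DEMO_STORE` and the `demo_*` functions are hypothetical stand-ins that use a private temp directory instead of the OS keychain so the sketch runs offline; hush's own internals are not shown on this page.

```shell
#!/bin/sh
# Added example, not hush's code. DEMO_STORE is a hypothetical file-backed
# stand-in so the sketch runs offline; hush itself uses the OS keychain.
DEMO_STORE=$(mktemp -d) && chmod 700 "$DEMO_STORE"

demo_path() {  # validate a secret name, then print where it lives
    case "$1" in ''|.*|*[!A-Za-z0-9._-]*) echo "bad secret name" >&2; return 2 ;; esac
    printf '%s/%s' "$DEMO_STORE" "$1"
}

# The value arrives on stdin, so it is never on argv (argv shows up in ps
# output and in an agent's command transcript).
demo_set() { p=$(demo_path "$1") || return 2; ( umask 077; cat > "$p" ); }

# Generate and store a random value without printing it.
demo_mint() { od -An -N16 -tx1 /dev/urandom | tr -dc '0-9a-f' | demo_set "$1"; }

# Names only, never values.
demo_list() { ls "$DEMO_STORE"; }

# demo_run VAR=name [VAR=name ...] -- cmd [args...]
# The function body is a subshell: exports made here reach the child command
# but never the calling shell, and the value is neither echoed nor put on argv.
demo_run() (
    while [ "$#" -gt 0 ] && [ "$1" != "--" ]; do
        case "$1" in
            [A-Za-z_]*=?*) var=${1%%=*}; name=${1#*=} ;;
            *) echo "expected VAR=name" >&2; exit 2 ;;   # do not echo the argument
        esac
        case "$var" in *[!A-Za-z0-9_]*) echo "bad variable: $var" >&2; exit 2 ;; esac
        p=$(demo_path "$name") || exit 2
        [ -f "$p" ] || { echo "no such secret: $name" >&2; exit 3; }
        value=$(cat "$p")
        export "$var=$value"
        shift
    done
    [ "$#" -ge 2 ] || { echo "usage: demo_run VAR=name -- cmd [args]" >&2; exit 2; }
    shift            # drop the "--"
    exec "$@"
)
```

The command that receives the variable can still read it, so this pattern keeps values out of the transcript and the calling shell, not away from the process it launches.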

not a vault

An agent with shell access can read and write this store, so it's not a lock against a hostile process. It's structure that keeps plaintext out of the transcript and makes "store once, inject everywhere" the easy path. It's also only as durable as the machine it's on (a local keychain); back the machine up, or sync onward into a real secret manager, and don't make hush the only copy of a secret you can't regenerate. MIT licensed.

About

a secret store for AI agents with one rule: the agent never sees the plaintext. get a secret once into the OS keychain, then inject it into commands forever. no get, cross-platform, MIT.
