NAME

End-to-end encrypted secret layer for developers.
Secrets are encrypted on-device before reaching the server.

---

What is Relic?

Relic is a CLI-first secret layer built for developers and teams.

• Secrets are encrypted on the client before leaving the device. The server stores only ciphertext.
• A Rust-based runner injects secrets at runtime without writing to disk.
• Share projects with teammates. Each person's secrets are encrypted with their own keys.
• Works in CI/CD. Use API keys to pull secrets in GitHub Actions, GitLab CI, or any pipeline.

Install

curl -fsSL https://relic.so/install | bash
brew install heycupola/tap/relic
npm install -g relic
bun add -g relic

Or download a prebuilt binary from the releases page.

Quick Start

relic login                                    # Authenticate via browser
relic init                                     # Initialize your project
relic                                          # Open the TUI and start managing secrets
relic run -e production -- npm run deploy      # Run with secrets injected

How It Works

Relic encrypts and decrypts secrets on the client using AES-256 and Argon2id. The server only stores encrypted data.

When you run relic run, the CLI fetches encrypted secrets, decrypts them locally, and injects them into the target process through a Rust runner that clears memory after use. No secrets are written to disk.

Learn more in the documentation.

Contributing

If you're interested in contributing to Relic, please read our contributing guide before submitting a pull request.

For security issues, email can@relic.so directly. Do not open public issues.

---

Website | Documentation | Changelog | X