kbsecret(1)    KBSecret Manual    kbsecret(1)


kbsecret - secret manager backed by Keybase


kbsecret [options] <command [arguments]>


kbsecret is a secret manager.

It can be used to manage username/password combinations, environment keys, code snippets, "to do" notes, files, and many other forms of structured data.

Internally, kbsecret is just a directory structure containing JSON files whose fields correspond to fields in Ruby objects. Those files are written to and read from KBFS, a fuse(8) filesystem provided by Keybase. This provides transparent encryption via the key created or uploaded through Keybase.

Since KBFS allows for transparent encryption between multiple Keybase users, kbsecret can share secrets between multiple users through multiple "sessions," each of which can have an arbitrary number of users and records within it.


-h, --help

Print general help information, including a list of all available commands.

This is an alias for the kbsecret-help(1) built-in.

-v, --version

Print kbsecret's version number.

This is an alias for the kbsecret-version(1) built-in.


These are the main commands provided by a normal kbsecret(1) installation.

You can customize your installation to include additional commands, which will appear in the list generated by kbsecret-commands(1) if made executable and placed on the $PATH.
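An added example, not part of kbsecret or this manual: since any executable on the $PATH can become a command, and a command runs as the same user that has KBFS mounted, this Ruby script lists candidate external commands in lookup order and flags loosely permissioned or shadowed ones. The `kbsecret-<name>` naming pattern and all function names here are assumptions.

```ruby
# Assumption (not stated on the page): external commands are executables
# named "kbsecret-<name>" found on $PATH.
PREFIX = "kbsecret-".freeze
LOOSE = 0o022 # group- or world-writable permission bits

# Problems with one candidate command and the PATH entry that holds it.
def command_issues(file, dir, uid)
  issues = []
  issues << "PATH entry is relative" unless dir.start_with?("/")
  issues << "directory writable by group/others" if (File.stat(dir).mode & LOOSE) != 0
  st = File.stat(file)
  issues << "file writable by group/others" if (st.mode & LOOSE) != 0
  issues << "owned by uid #{st.uid}" unless [0, uid].include?(st.uid)
  issues
end

# Walks PATH in lookup order and returns { file => [issues] } for every
# executable whose name starts with PREFIX.
def audit_external_commands(path = ENV.fetch("PATH", ""), uid: Process.euid)
  report = {}
  first_seen = {}
  path.split(File::PATH_SEPARATOR, -1).each do |entry|
    dir = entry.empty? ? "." : entry # an empty PATH entry means the cwd
    names = begin
      Dir.children(dir).sort
    rescue SystemCallError
      next # missing or unreadable PATH entry
    end
    names.each do |name|
      file = File.join(dir, name)
      next unless name.start_with?(PREFIX) && File.file?(file) && File.executable?(file)
      issues = command_issues(file, dir, uid)
      issues << "shadowed by #{first_seen[name]}" if first_seen.key?(name)
      first_seen[name] ||= file
      report[file] = issues
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  audit_external_commands.each do |file, issues|
    puts "#{issues.empty? ? 'ok  ' : 'WARN'} #{file} #{issues.join('; ')}"
  end
end
```

Files owned by root or by the current user are treated as expected; anything else is reported with its owning uid.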


All core kbsecret(1) commands respect (i.e., will not complain about) the following options. These are documented here (and only here) for the sake of brevity:

-V, --verbose

Produce more verbose output, which is disabled by default.

Verbose output is emitted on the standard error stream.

-w, --no-warn

Suppress warning output, which is enabled by default.

Warning output is emitted on the standard error stream.


Produce full backtraces on errors, instead of just short error messages.

Backtrace output is emitted on the standard error stream.

-h, --help

Print help information for the command.


Print all flags (and subcommands) accepted by the command.

This is used primarily for tab completion, and is a parseable subset of the output produced by -h, --help.


Some kbsecret commands require environment settings. These will be specified in their respective manual pages.


kbsecret returns 0 on success, and nonzero on failure or error.


Records stored in KBFS are fully encrypted and are as secure as the PGP private key used by Keybase. However, while KBFS is running on your logged-in computer, any process running as the same user can read and copy those records. This is no different from many other password and secret managers, but is worth remembering.


kbsecret is maintained by William Woodruff.

kbsecret is licensed under the terms of the MIT license.

The full text can be found under the "LICENSE" file in kbsecret's source code, which is available at https://github.com/kbsecret/kbsecret.

KBFS: https://keybase.io/docs/kbfs

Keybase: https://keybase.io/docs


kbsecret-configuration(5), pass(1), fuse(8)

1.8.1    March 2019    kbsecret(1)