
AxKeyStore
Securely store your secrets in GitHub Private Repo
Secure store for your keys and passwords using your GitHub Private Repo as untrusted storage. Encryption happens on the client side, and no data passes over the wire unencrypted. It's just You and Your GitHub Private Repo.





Hey Product Hunters,
Presenting AxKeyStore, a secure, open-source CLI to manage your secrets, keys, and passwords using your own private GitHub repository as the backend.
As developers, we’ve all faced this problem:
→ Where do you store passwords and keys?
→ How do you version secrets safely?
→ How do you sync them across machines without trusting yet another SaaS vault?
Most solutions either:
→ Store your secrets on someone else’s servers
→ Require you to trust their encryption claims
→ Or add heavy infra just to manage a few keys
AxKeyStore takes a different approach.
It treats GitHub as untrusted storage and keeps you in full control.
Here’s the core idea:
→ Your secrets are encrypted locally.
→ They are stored as encrypted blobs in your own private GitHub repo.
→ No plain-text secrets ever leave your machine.
→ No plain-text secrets are stored locally either.
Zero-Trust by Design
AxKeyStore uses a multi-layer encryption model:
→ A Local Master Key for encrypting your local GitHub token + repo config
→ A Remote Master Key for encrypting actual secrets
Everything happens client-side.
GitHub only ever sees encrypted binary data. It never sees:
→ Your master password
→ Your decrypted secrets
→ Your master keys
Even if someone gains access to your repo, they only see ciphertext.
Why GitHub as the Backend?
Because it gives you:
→ Free, reliable storage
→ Version history (built-in audit trail)
→ Access control via GitHub permissions
→ No additional infrastructure
You already trust GitHub with your source code. Now you can use it as an encrypted secret store, without trusting it with the actual secrets.
Designed for Developers
→ Simple CLI workflow
→ Hierarchical categories (cloud/aws/prod)
→ Version history per key
→ Multi-profile support (work, personal, etc.)
→ Auto-generate strong secrets
→ Transactional password reset
Install. Login. Init a private repo. Store secrets. Done.
→ No hidden backend.
→ No subscription.
→ No telemetry.
This is an MIT-licensed Open Source project built by the Appxiom team. You can inspect everything, especially the crypto implementation, and run it locally.
Just you, your keys, and your repo.
I’d love feedback from this community:
→ Would you trust GitHub as encrypted secret storage?
→ What workflows would make this more useful for your setup?
→ What would stop you from adopting it?
If this resonates, I’d really appreciate your support and thoughts.
Happy to answer every question here.