Credentials

macOS Keychain-based credential management. API keys stored encrypted, retrieved via the security command, never in plain text files.

Managed Services

Commands

Check Status

Copycredentials.sh status

Shows which keys are configured and which are missing.

Set a Key

Copycredentials.sh set GITHUB_TOKEN ghp_xxxxxxxxxxxxx

Stores the key in macOS Keychain under the kun service.

Get a Key

Copycredentials.sh get GITHUB_TOKEN

Retrieves from Keychain — never stored in a file.

Export to Environment

Copycredentials.sh export

Exports all stored keys as environment variables for the current session.

Setup All

Copycredentials.sh setup

Interactive setup — walks through each required key.

How It Works

Storage

Keys are stored in macOS Keychain using the security command:

Copy# Store
security add-generic-password -a "kun" -s "GITHUB_TOKEN" -w "ghp_xxx" -U
 
# Retrieve
security find-generic-password -a "kun" -s "GITHUB_TOKEN" -w

Security

• Encrypted at rest by macOS Keychain
• Protected by your Mac login password
• Never written to disk in plain text
• Not committed to git
• Per-machine, not shared

Safari Password Integration

For web services that need browser login, credentials.sh can reference Safari's saved passwords:

Copycredentials.sh login vercel
# Opens Safari to vercel.com with saved credentials

Windows Alternative

On Windows, secrets are managed via the gist-based system:

Copy# Setup secrets from private gist
.\.claude\scripts\secrets.ps1 -GistId YOUR_GIST_ID

This downloads encrypted secrets from a private GitHub gist and configures environment variables.