Summary
Gives Claude local vault operations for API keys and secrets without shipping them to the cloud. Exposes add, get, rotate, and audit-log commands against an encrypted SQLite vault that stays on your machine. The guard preflight scans repos for leaked credentials and unhardened MCP config before you hand them to an agent or push to GitHub. Useful when you're building agents that need production keys but you want audit trails and rotation without a network dependency. Supports macOS Keychain integration for daemon workflows and scriptable password sources for CI. The rotate-master command re-encrypts the entire vault transactionally if a team member leaves or a password leaks.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Holster
Local-first API key manager for AI developers.
Install
macOS Apple Silicon (M-series)
- Download
holster-cli-macos-arm64.tar.gz+.sha256from the latest release: https://github.com/nauta-ai/holster/releases/latest - Extract:
tar xzf holster-cli-macos-arm64.tar.gz - Verify:
shasum -a 256 -c holster-cli-macos-arm64.tar.gz.sha256 - Install:
sudo mv holster-cli /usr/local/bin/ - If macOS blocks first run:
xattr -d com.apple.quarantine /usr/local/bin/holster-cli - Verify:
holster-cli --version
macOS Intel (x86_64, since v0.7.0)
- Download
holster-cli-macos-x86_64.tar.gz+.sha256from the latest release. - Same extract / verify / install steps as above.
Linux x86_64
- Download
holster-cli-linux-x86_64.tar.gz+.sha256from the latest release. - Extract:
tar xzf holster-cli-linux-x86_64.tar.gz - Verify:
shasum -a 256 -c holster-cli-linux-x86_64.tar.gz.sha256 - Install:
sudo mv holster-cli /usr/local/bin/ - Verify:
holster-cli --version
Password handling on Linux: macOS Keychain is not available. Use --password-env <ENV_NAME> to read the vault password from an environment variable, or --password-stdin to pipe it via stdin.
Windows x86_64 (since v0.7.0)
- Download
holster-cli-windows-x86_64.zip+.sha256from the latest release. - Verify: in PowerShell,
(Get-FileHash -Algorithm SHA256 holster-cli-windows-x86_64.zip).Hashshould match the value in the.sha256file. - Extract:
Expand-Archive holster-cli-windows-x86_64.zip -DestinationPath . - Move
holster-cli.exesomewhere on$env:Path(e.g.C:\Users\<you>\bin\after adding that folder to PATH). - Verify:
holster-cli.exe --version
Password handling on Windows: macOS Keychain is not available. Use --password-env <ENV_NAME> or --password-stdin.
Rotating the master password (since v0.7.0)
Holster lets you change the vault's master password without re-creating the vault or losing entries:
holster-cli rotate-master /path/to/vault
# Prompts for OLD master, then NEW master twice (confirm)
This re-encrypts every entry under the new master and regenerates the vault salt under a single SQLite transaction. If the rotation fails or is interrupted, the vault remains intact under the old master.
If you cache the master password in macOS Keychain (common for daemon usage), pass --keychain-update SERVICE,ACCOUNT to update the cached entry in the same command:
holster-cli rotate-master /path/to/vault \
--keychain-update holster-personas-vault,admin
For unattended / scripted rotation:
# OLD pw from Keychain, NEW pw from env
holster-cli rotate-master /path/to/vault \
--old-password-keychain-service holster-personas-vault \
--old-password-keychain-account admin \
--new-password-env NEW_HOLSTER_MASTER
# Both from stdin (one line each, OLD first then NEW)
printf '%s\n%s\n' "$OLD_PW" "$NEW_PW" | \
holster-cli rotate-master /path/to/vault \
--old-password-stdin --new-password-stdin
Rotate the master password:
- After any suspected credential exposure
- After a team member who knew the master leaves
- Quarterly as routine hygiene
- Whenever the master appears in plaintext somewhere (logs, configs, transcripts)
Password sources (since v0.7.0)
get, add, rotate-master, and exec-env now accept the master password from multiple sources. Precedence (first non-None wins):
--password-env <NAME>— read from an environment variable--password-stdin— read first line of stdin--password-keychain-service <SVC> [--password-keychain-account <ACCT>]— macOS Keychain- Interactive TTY prompt (fallback)
This makes Holster scriptable from CI, launchd, systemd, and daemon contexts without requiring an interactive TTY.
Documentation
Read docs/framework/00_README.md to start.
holster guard
holster guard . preflights a repo before you run an AI agent against it or share/commit it. It prints a local RUN verdict, a SHARE verdict, and a ranked fix list without exposing raw secret values.
RUN VERDICT: CAUTION
SHARE VERDICT: RISKY
Why:
1. [SHARE/RISK] OPENAI_API_KEY in .env.local:3
2. [SHARE/RISK] .env.local not gitignored — will be committed
3. [RUN/CAUTION] MCP server "cursor" inherits full shell environment
Fix order:
1. Add .env.local and *.pem to .gitignore
2. Move live keys into the Holster vault (holster add ...)
3. Pin or approve the MCP wrapper command
For a redacted report that is safe to paste into a review thread:
holster guard . --share-report holster-guard-report.md
Status
v0.7.0 — early access. Holster includes the local vault CLI, rotate-master, scriptable password sources, Windows/macOS-x86_64 builds, and early holster guard preflight checks. Vault crate stable since M1.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Packageholster-mcp
TransportSTDIO
UpdatedMay 17, 2026
