secrethub

secrethub command [options] [args]

secrethub was a secret management service CLI that provided secure credential storage with end-to-end encryption and a zero-knowledge architecture. Secrets were organized in repositories using a path-based hierarchy (org/repo/secret) and encrypted client-side before transmission.The run command injected secrets into environment variables for a child process, keeping credentials out of config files and shell history. Template injection via inject generated configuration files with secrets substituted from references, enabling secure deployment workflows.Built-in access control allowed team sharing of secrets with granular permissions. The service was acquired by 1Password and has been discontinued; users should migrate to alternatives like 1Password, HashiCorp Vault, or similar tools.

write path

Store a secret at the given path (reads value from stdin or prompt).

Retrieve and print a secret value.

List secrets, directories, or repositories at a path.

Execute a command with secrets injected as environment variables.

Render a template, substituting secret references with actual values.

Initialize a new repository.

Generate and store a random secret at the given path.

Copy the secret to the clipboard instead of printing it (with read).

Load environment variable references from a file (with run).

Service discontinued. Use alternatives. Account required.

SecretHub was a secret management service founded in the Netherlands. It was acquired by 1Password in April 2021 and subsequently discontinued, with service end-of-life on January 1, 2022. Functionality was absorbed into 1Password Secrets Automation and the 1Password CLI (op). Existing users were provided migration guides for Python, Go, JavaScript, Terraform, and the Kubernetes operator.

op(1), vault(1), pass(1)