Introduction
LLM Secrets protects your .env files from AI coding assistants like Claude Code. Your secrets are encrypted with Windows Hello and only decrypted at runtime in isolated subprocesses.
Claude Code can use your secrets without ever seeing them. Commands run with injected environment variables, but the actual values never appear in Claude's context.
Installation
Prerequisites
macOS:
- macOS with Touch ID (Apple Silicon M1/M2/M3 recommended)
Windows:
- Windows 10 or Windows 11
- Windows Hello enabled (PIN, fingerprint, or face recognition)
WSL/Linux:
- Windows 10/11 with WSL2 installed
- Ubuntu or Debian recommended
Download
Download LLM Secrets from the downloads page:
- macOS: LLM Secrets 3.1.0 for macOS (Apple Silicon)
- Windows: LLM Secrets 3.1.1 Setup (Windows)
- WSL/Linux: Scrt WSL 0.3.1
Quick Start
1. Download & Install
Download LLM Secrets for your platform from the downloads page and run the installer.
2. Encrypt Your Existing .env File
Navigate to your project and run setup:
cd your-project
scrt setup
Or specify the path to your .env:
scrt setup C:\path\to\your\.env
Windows Hello authentication → Your original .env is backed up → .env.encrypted is created. Your original .env is never deleted.
3. View Your Secrets
# View all secrets (authenticates automatically)
scrt view
# View a specific secret
scrt view STRIPE_SECRET_KEY
4. Run Commands with Secrets
scrt run -- npm run deploy
Encrypting & Managing Secrets
Encrypt Existing Secrets (First Time)
# In your project directory with a .env file:
scrt setup
# Or specify path:
scrt setup /path/to/.env
This creates:
| File | Description |
|---|---|
| .env | Your original (unchanged) |
| .env.backup | Backup copy |
| .env.encrypted | Encrypted version (commit this to git) |
View Secrets
# Authenticates with Windows Hello and shows all secrets
scrt view
# Show only a specific secret
scrt view API_KEY
Add or Edit Secrets
# Step 1: Decrypt to .env for editing
scrt decrypt
# Step 2: Edit .env in your text editor (opens automatically)
# Step 3: Re-encrypt when done
scrt encrypt --force
After decrypting, your .env file contains plaintext secrets. Always run scrt encrypt --force when you're done editing.
Add to .gitignore
.env
.env.backup
Only commit .env.encrypted to your repository.
How It Works
The injection mechanism is simple:
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ Your Command │ --> │ Scrt injects │ --> │ Command runs │
│ (no secrets) │ │ $env:VARS │ │ with secrets │
└─────────────────┘ └─────────────────┘ └─────────────────┘
- Encryption at rest - Your .env is encrypted with AES-256-CBC
- Windows Hello unlock - Master key protected by DPAPI + Windows Hello
- Runtime injection - Secrets decrypted only in subprocess environment
- Isolation - Values never return to parent process or Claude's context
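The runtime-injection model above, as an added Python example (not LLM Secrets' own code): secrets are placed in a copy of the environment handed to the child process, never in the parent's. The output redaction and the names `parse_env`, `run_with_secrets` and `SAMPLE_ENV` are assumptions of this example; the page does not say scrt filters command output.

```python
import os
import subprocess
import sys

# Constructed sample standing in for a decrypted .env (not real credentials).
SAMPLE_ENV = """\
# comment lines and blanks are skipped
API_KEY=sk_test_constructed_123456
DB_PASSWORD="constructed-pass-789"
"""

def parse_env(text):
    """Parse KEY=value lines, stripping one pair of matching quotes."""
    secrets = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        secrets[key.strip()] = value
    return secrets

def run_with_secrets(argv, secrets):
    """Run argv with secrets set only in the child's environment.

    Returns (exit_code, output) with any echoed secret value replaced by
    a placeholder that names the variable.
    """
    child_env = dict(os.environ)  # copy: the parent's os.environ stays untouched
    child_env.update(secrets)
    proc = subprocess.run(argv, env=child_env, capture_output=True, text=True)
    output = proc.stdout + proc.stderr
    # Longest values first, so a secret containing another is redacted whole.
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        if value:
            output = output.replace(value, f"[REDACTED:{name}]")
    return proc.returncode, output

def demo():
    # Hypothetical child that echoes a secret, to exercise the redaction step.
    child = [sys.executable, "-c",
             "import os; print('key=' + os.environ['API_KEY'])"]
    return run_with_secrets(child, parse_env(SAMPLE_ENV))

if __name__ == "__main__":
    print(demo())
```

Exact-match redaction misses values the child encodes or transforms before printing, so it complements subprocess isolation and does not replace it.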
Security Model
| Claude CAN See | Claude CANNOT See |
|---|---|
| Secret names (e.g., PRIVATE_KEY) | Secret values (e.g., 0x7f3a...) |
| Command structure | Decrypted environment variables |
| Transaction hashes | Private keys or tokens |
| Success/failure messages | Passwords or API secrets |
Simple vs Advanced Mode
| Feature | Simple Mode | Advanced Mode |
|---|---|---|
| Authentication | Windows Hello only | Windows Hello + KeePass password |
| Master key storage | DPAPI encrypted | KeePass database |
| Best for | Daily use, personal machines | High-security, shared machines |
Using with Claude Code
Claude Code automatically has access to use your secrets via the $env:SECRET_NAME syntax.
Example: Deploy a Smart Contract
# Claude writes this command:
forge script script/Deploy.s.sol \
--rpc-url $env:ALCHEMY_RPC_URL \
--private-key $env:PRIVATE_KEY \
--broadcast
# Scrt injects the actual values at runtime
# Claude never sees your private key
Example: Push to GitHub
git push https://$env:GITHUB_PAT@github.com/user/repo.git
Example: Deploy to Vercel
vercel --token $env:VERCEL_TOKEN --prod
Claude should never run scrt decrypt or scrt view. These commands expose secret values. If you need to edit secrets, run these commands yourself.
Commands Reference
| Command | Description |
|---|---|
| scrt setup [path] | First-time setup: encrypt existing .env file |
| scrt view [name] | Auth + view secrets (all or specific) |
| scrt auth | Start Windows Hello session |
| scrt decrypt | Decrypt .env.encrypted to .env for editing |
| scrt encrypt --force | Encrypt .env to .env.encrypted |
| scrt list | List secret names (not values) |
| scrt run -- <cmd> | Run command with secrets injected |
| scrt status | Show session status |
| scrt help | Show all commands |
Environment Variables
Add secrets to your .env file using standard format:
PRIVATE_KEY=0x...
ALCHEMY_RPC_URL=https://eth-mainnet.g.alchemy.com/v2/...
GITHUB_PAT=ghp_...
VERCEL_TOKEN=...
GODADDY_API_KEY=...
GODADDY_API_SECRET=...
Reference them in commands as $env:SECRET_NAME.
Backup & Restore
LLM Secrets supports encrypted cloud backups:
- Automatic backups - Configurable frequency (daily, weekly, monthly)
- Recovery password - Separate from Windows Hello, for disaster recovery
- Cross-machine restore - Restore secrets on a new Windows machine
Licensing
LLM Secrets is free for Windows and WSL. macOS requires a one-time $10 license.
| Platform | Price | Features |
|---|---|---|
| Windows | Free | Full GUI, Windows Hello, backup tools |
| WSL/Linux | Free | Native bash, Windows Hello bridge |
| macOS | $10 one-time | Touch ID, Secure Enclave, native app |
Why Free for Windows?
We believe security tools should be accessible. Windows and WSL users get full functionality at no cost. The macOS license helps support cross-platform development.
Source Available
The source code is available for security auditing:
- You may: View code, audit for security, build for personal use, report vulnerabilities
- You may not: Redistribute, sell, or provide as hosted service
All source code is available on GitHub. Security researchers can verify there are no backdoors in the encryption.
Security FAQ
The following answers are from DeepWiki, an independent third-party AI analysis of this codebase. Use their chatbot to ask your own security questions.
Can LLM Secrets, the developers, or Claude ever see my decrypted secrets?
No. Here's why:
- Client-side only - All encryption/decryption happens locally on your machine. There is no server component.
- Isolated subprocesses - Secrets are decrypted only in isolated subprocesses. Claude sees $env:SECRET_NAME, never the actual value.
- DPAPI protection - Master keys are encrypted with Windows DPAPI, bound to your Windows user account and machine.
- In-memory only - Commands like scrt view decrypt to memory, never writing plaintext to disk.
- Fully auditable - The crypto core is Apache 2.0 open source. The desktop app is source available. Verify yourself.
Even if the developers wanted to see your secrets (which they can't), the architecture makes it impossible since all operations are local and keys never leave your machine.
What happens if I lose my Windows account or master key?
You can recover IF you set up backups beforehand.
Recovery options:
- Master Key Backup - During setup, a 44-character key is shown once. Save it in your password manager.
- Recovery Password - Set a recovery password that encrypts your master key for cloud backup.
- Disaster Recovery Scripts - Decrypt-MasterKeyBackup.ps1 and Decrypt-EnvFile.ps1 work without the app installed.
Your secrets are irrecoverable by design. There is no backdoor. Save your master key!
Troubleshooting
"Windows Hello authentication required"
A Windows Hello prompt will appear when accessing secrets. This is expected behavior.
".env.encrypted not found"
Run setup in your project first:
scrt setup
"Secret not found"
Check available secrets:
scrt list
Then add the missing secret by decrypting, editing, and re-encrypting:
scrt decrypt
# Edit .env file
scrt encrypt --force
Need to update a secret?
# Decrypt, edit, re-encrypt
scrt decrypt
# Edit .env in your editor
scrt encrypt --force
Install
One command to get started. Run this inside your WSL2 terminal:
The installer checks and installs everything you need. If packages are missing, it offers to install them automatically.
Setup
The setup wizard walks you through everything interactively:
Dependencies verified
Checks that GPG, pass, openssl, keyctl, and PowerShell interop are available.
Windows Hello confirmation
Your existing Windows Hello enrollment (face, fingerprint, or PIN) is used directly from WSL2.
Encryption key generated
A master key is created and stored securely. You'll set a passphrase.
Backup key saved
A recovery key is exported. Save it somewhere safe — it's your only recovery option.
Secrets added
Paste your secrets in KEY=value format. They're encrypted immediately.
Claude Code integrated
CLAUDE.md is generated and slash commands are installed automatically.
Usage
Once your secrets are added, inject them into any command:
Claude Code writes commands using $SECRET_NAME syntax. The actual values are injected at runtime and never appear in the terminal output or Claude's context.
Commands
| Command | Description |
|---|---|
| scrt setup | First-time setup wizard |
| scrt run <cmd> | Run with secrets injected |
| scrt view | View secrets (GUI window) |
| scrt add KEY=val | Add new secrets |
| scrt edit | Edit secrets interactively |
| scrt list | List secret names |
| scrt hide | Verify security status |
| scrt learn | Regenerate CLAUDE.md |
| scrt backup | Export / import |
| scrt status | Show session info |
| scrt logout | Lock secrets |
| scrt version | Show version |
Windows 10/11 with WSL2 (Ubuntu or Debian). Windows Hello must be configured. WSLg recommended for GUI features.