A vault for your API keys that never leaves your machine.
NovaBash keeps the credentials your projects run on in an encrypted vault in your own browser. No account, no server, no subscription. Add your keys, apply a stack bundle, and generate a single .env on demand.
Encrypted with AES-256-GCM in your browser. Nothing is uploaded.
How it works
Set a passphrase
It derives the encryption key for your vault. It is never stored and never sent anywhere.
Add your keys
Add services by hand or apply a curated stack bundle, then fill in the values. Everything stays on your device.
Generate a .env
Download a single .env for the project you are working on. Export an encrypted backup whenever you want.
Why local-first
A solo developer or a small team does not need a third party holding their secrets. Keeping the vault on your own device removes the account, the monthly bill, and the question of who else can read your keys. You manage your own encrypted backup, and that is the whole arrangement.
In the box
- Encrypted vault in your browser, AES-256-GCM under your passphrase.
- Curated stack bundles to start from.
- One .env generated locally on demand.
- A tamper-evident, hash-chained audit log of every change.
- Encrypted export and import to back up or move devices.
Open the vault
It runs entirely in your browser. Set a passphrase and you are in.