Correct, for the path enveigh is built around. run_with_env injects secrets into a child process as environment variables and redacts those values from everything the agent reads back — the model receives a working command result, not a key. The plaintext-returning tools are off by default; when you opt in, they're Touch-ID gated and audited.

Values live in the macOS Keychain (kSecAttrAccessibleWhenUnlockedThisDeviceOnly — device-only, available only while your Mac is unlocked). Only non-secret metadata (names, tags, rotation dates) is written to app-data on disk. There is no enveigh cloud.

Through a local, token-gated UNIX-domain-socket broker that only runs while the vault is unlocked. Each connected client gets its own scoped token, and a client can be restricted to a single environment — enforced by the broker, not the client.

Anything that speaks MCP — Claude Code, Cursor, and other MCP clients — via the bundled enveigh-mcp server. There's also an enveigh CLI for scripts and terminals.

No — the sandbox would break the Keychain and broker model enveigh depends on. It ships as a Developer ID–signed, notarized download with a built-in auto-updater.

The app is in private beta. Reach out at hello@khuur.dev if you'd like to follow development or get early access.

It's free during the private beta. Pricing, if any, will be announced before it changes — early-access users will hear first.

Touch ID gates revealing and copying values by default, and you can require it before any command runs with injected secrets. You can relax the gate in Settings if you prefer.

Rotating creates a new version and retires the previous one. The old version stays in the Keychain through a grace window so you can roll back, then a purge pass deletes it. Bindings follow the current version unless you pin one.

Quit the app and drag it to the Trash. Your Keychain entries can be removed from Keychain Access (service enveigh), and the metadata lives under ~/Library/Application Support/enveigh.