Secrets Vault
tota stores secrets in the OS keychain (macOS Keychain, GNOME Keyring, Windows Credential Manager). If keytar is unavailable, secrets are kept in an AES-256-GCM encrypted file at ~/.tota/vault.enc.json.
No configuration is required — the vault is always on. Run tota setup vault to see which backend is active and review usage instructions.
| Tool | Description |
|---|---|
secret_store | Store a secret by name |
secret_get | Retrieve a secret by name |
secret_list | List all stored secret names |
secret_delete | Delete a secret by name |
Store my GitHub PAT
> secret_store name=github_token value=ghp_xxx
Retrieve it later
> secret_get name=github_token