Tene is a local-first, encrypted secret management CLI. It stores your API keys, tokens, and credentials in an encrypted SQLite vault on your device. No server, no signup, no cloud dependency.

How does Claude Code auto-detection work?

When you run tene init, it generates a CLAUDE.md file in your project root. Claude Code reads this file automatically and learns how to use tene to retrieve secrets.

Yes, Tene is 100% free and open source under the MIT license. All local features — encryption, runtime injection, multi-environment, AI editor rules — are free forever with no limits.

Will there be team features?

Team sync and collaboration features are being designed. The goal is encrypted team sync without a central server. Join the waitlist at tene.sh to get notified when it launches.

How are my secrets encrypted?

Tene uses XChaCha20-Poly1305 encryption with 256-bit keys derived from your master password via Argon2id. Each secret gets a unique 192-bit nonce.

Does Tene work offline?

Tene is 100% offline. It makes zero network calls. Your secrets are encrypted and stored locally in a SQLite database.

Does my app need code changes?

No. `tene run -- ` sets the same environment variables your code already reads via `process.env.*`, `os.Getenv`, `os.environ`, etc. You typically remove the `dotenv` import because it is no longer needed.

What about my CI pipeline?

Add `TENE_MASTER_PASSWORD` to your CI secrets. Then run `tene run --no-keychain -- npm test`. The `--no-keychain` flag tells tene to read the master password from the environment variable instead of prompting.

Can I still share secrets with my team?

The CLI is strictly local. Optional end-to-end encrypted team sync is available via app.tene.sh (Pro). Each teammate runs `tene pull` and decrypts the vault with their own master password.

Is this really safer than .env?

For the AI-agent threat model — values ending up in an LLM context window — yes, because values never exist as plaintext on disk. For the general threat of a compromised machine, tene is as strong as the master password + Argon2id KDF + OS keychain, which is much stronger than a plaintext file.

Comparison

tene vs .env

Plaintext .env files are now an AI liability. tene encrypts them and injects values at runtime — agents never see the secrets.

Star on GitHub

The `.env` file was invented in 2012, before AI coding agents existed. Every modern AI assistant — Claude Code, Cursor, Windsurf, Gemini, Copilot — reads your project files as context. That means your API keys, database passwords, and OpenAI tokens get loaded into the LLM context window the moment you open your editor.

tene keeps `.env` out of the equation: your secrets live in an encrypted SQLite vault, and `tene run -- <cmd>` injects them as environment variables at runtime. The AI agent sees the command, never the values.

Why .env is not a secret in 2026

AI coding assistants index every file in your workspace so they can answer questions like "why did this build fail?". That index includes `.env`. In practice, your Stripe key or database password will appear in tool_result blocks, session transcripts, completion suggestions, and anything that gets logged.

The traditional advice — `.gitignore` the file — only stops the secret from reaching GitHub. It does nothing about the LLM context window.

Side-by-side

Feature-by-feature comparison. Every row is sourced from the official docs of each product — if you find something stale, open an issue.

Dimension	tene	.env files
Storage	Encrypted SQLite vault (XChaCha20-Poly1305)	Plaintext file on disk
AI agent reads values	No — values never enter context window	Yes — .env is part of project context
Accidental git commit	Safe — vault is ciphertext	Common leak vector (even with .gitignore)
Runtime injection	`tene run -- <cmd>` injects env vars	Requires an in-code loader (dotenv package)
Multi-environment	Built-in (`--env dev/staging/prod`)	Manual file juggling (.env.dev, .env.prod)
Recovery	12-word BIP-39 mnemonic	Whatever backup you remembered to make
Vendor lock-in	None — portable SQLite file	None
Price	Free (MIT)	Free

Why runtime injection beats a plaintext file

tene never writes plaintext values to disk. `tene run -- <cmd>` decrypts secrets in memory, sets them as environment variables on the child process, and exits. Child processes — including whatever AI editor you launch through it — see the same env vars they would have read from .env, but no file on disk contains the plaintext.

That means: no `.env` to accidentally commit, no plaintext for an AI agent to index, and no leftover backup file after a rotation.

What you keep, what you drop

You keep: `process.env.STRIPE_KEY` in your Node app, `os.Getenv("STRIPE_KEY")` in your Go service, `os.environ["STRIPE_KEY"]` in Python. You drop: the plaintext `.env`, the `dotenv` npm package import (no longer needed), and the mental overhead of remembering whether you rotated staging after you last edited prod.

Migrate from .env to tene in 30 seconds

`tene import` converts an existing .env file into the encrypted vault. After that, you delete `.env` and use `tene run --` in its place.

Install tene

$ curl -sSfL https://tene.sh/install.sh | sh

2
Initialize a vault
```
$ tene init
```
3
Import your existing .env
```
$ tene import .env
```
4
Delete the plaintext .env
```
$ rm .env
```
5
Run your app through tene
```
$ tene run -- npm start
```

After migration: Your build/test/CI commands stay the same — just prefixed with `tene run --`. Add `TENE_MASTER_PASSWORD` to your CI secrets to run non-interactively.

FAQ

Does my app need code changes?: No. `tene run -- <cmd>` sets the same environment variables your code already reads via `process.env.*`, `os.Getenv`, `os.environ`, etc. You typically remove the `dotenv` import because it is no longer needed.
What about my CI pipeline?: Add `TENE_MASTER_PASSWORD` to your CI secrets. Then run `tene run --no-keychain -- npm test`. The `--no-keychain` flag tells tene to read the master password from the environment variable instead of prompting.
Can I still share secrets with my team?: The CLI is strictly local. Optional end-to-end encrypted team sync is available via app.tene.sh (Pro). Each teammate runs `tene pull` and decrypts the vault with their own master password.
Is this really safer than .env?: For the AI-agent threat model — values ending up in an LLM context window — yes, because values never exist as plaintext on disk. For the general threat of a compromised machine, tene is as strong as the master password + Argon2id KDF + OS keychain, which is much stronger than a plaintext file.

Other comparisons

See how tene compares against every other major secret manager.