Privacy-first secrets vault and local approval gateway. Secrets live in an encrypted SQLCipher database on the user's machine; apps request bucket env vars over a local Unix socket or Windows named pipe. Each request is gated by OS-verified process fingerprint, bucket client token, and human approval with configurable TTL.
Shipped (v0.2): desktop app (Windows, macOS, Linux), vault CRUD, buckets, audit log, Argus Proxy (loopback MITM on ports 9000–9100 with placeholder rewrite and host allowlists), Python and Node SDKs.
Planned: argus run for OS-level transparent HTTP/HTTPS capture (mitmproxy_rs redirectors + existing Argus MITM stack), CLI commands, Go/Ruby/Java clients, and self-hosted team infrastructure.
Impact: reduces plaintext secrets in repos and shell history, gives developers explicit control over which processes receive credentials, and keeps secrets off third-party cloud vault APIs for local workflows. Honest limits: not audited yet; root/kernel attackers and coerced approvals remain out of scope; proxy mode requires trust in local MITM.
Fund this project
Sushant Samuel
useargus.dev
github.com/useargus-dev/argus