@AutomicVault profile picture
Automic Vault @AutomicVault

Secure the tools you `brew install`. A new kind of package manager for a new kind of threat model. From the creator of Homebrew.

Joined May 2026
  • Tweets 14
  • Following 2
  • Followers 90
8 Photos and videos
Pinned Tweet
Automic Vault@AutomicVault
Jun 1
Secure the tools You `brew install`
0:45
1
8
5,102
av 1.19.0 github.com/automic-vault/aut…

Release Automic Vault 1.19.0 · automic-vault/automic-vault

Added Added av transfer to send vaulted dotenv keys and selected isotope keys to another Mac over SSH. Added receiver-side key transfer approval prompts in Automic Vault.app, including source, wor...

github.com
2
43
Several releases over the last few days. Most interestingly full encrypted `.env` support using @dotenvx compatible encryption. Use Automic Vault locally and dotenvx in prod.
2
1,118
v1.17.0 includes detection and mitigation for several new secret exposures including your github token hiding behind a simple `git` invocation. github.com/automic-vault/aut…

Release Automic Vault 1.17.0 · automic-vault/automic-vault

Security & Scanning Added detect-only Bash and Zsh radioisotopes for plaintext-looking credentials in shell startup files. Expanded default secret scanning to include common Bash/Zsh startup p...

github.com
430
The competition adds guardrails that can be worked around. Automic Vault patches the packages at the root. Agents and malware cannot bypass our rails.
2
287
w/Automic Vault outdated packages show you their release notes.
244
Tahoe style GUI rewrite almost complete.
1
2
1,756
Automic Vault patches it so `gh auth token` has a human approval gate. Stop malware and agents getting your keys.
Jiahan Chen
@jiahan_c
May 26
Do you know that using GitHub CLI (gh) may expose you to supply-chain attacks? It stores a long-lived GitHub token on your machine, which can be stolen by any malicious scripts. This is what happened in the recent Nx Console supply-chain compromise, which led to GitHub’s internal source code being leaked.
1
1
2
1,964
Automic Vault retweeted
Jiahan Chen
@jiahan_c
May 26
Do you know that using GitHub CLI (gh) may expose you to supply-chain attacks? It stores a long-lived GitHub token on your machine, which can be stolen by any malicious scripts. This is what happened in the recent Nx Console supply-chain compromise, which led to GitHub’s internal source code being leaked.
26
78
475
79,343
New in v1.8.0 detection for plain text secrets across system managed packages like cURL and git.
1
2
3
1,137
github.com/automic-vault/aut…

Release Automic Vault 1.8.0 · automic-vault/automic-vault

App and CLI Added detector-only security hazards for local plaintext secret exposure, shown in search and the installed package panel as sys:* entries when remediation is not available yet. Improv...

github.com
2
86
v1.7.0: faster & more robust package updates; >17,000 packages scanned for isotopic security; 99 isotopes keeping your tool secrets out of plain text. github.com/automic-vault/aut…
1
2
846
v1.2 released with searchable npm installs
1
218
👋 We're Automic Vault. Your agents are autonomous. Your secrets are in plain text. Your tools can delete prod with one command. We fix that — at the layer that actually matters. Built by @mxcl, creator of Homebrew.
1
1
2
523
Load more