Vaultuner
Human-readable secrets for Bitwarden Secrets Manager.
Vaultuner replaces cryptic UUIDs with intuitive paths. Your secrets, organized the way you actually think about them.
Why Vaultuner?
Bitwarden Secrets Manager is excellent for secure credential storage, but its CLI requires UUIDs to reference secrets:
Nobody memorizes UUIDs. You end up searching through dashboards or keeping a mapping file. Vaultuner fixes this:
Secrets organized by project and environment. Instantly memorable. Zero cognitive overhead.
Key Features
Path-Based Naming
Reference secrets by meaning, not by ID:
Environment Isolation
Keep dev, staging, and prod secrets cleanly separated:
vaultuner list -p myapp -e prod # Only production secrets
vaultuner export -p myapp -e dev # Export dev secrets to .env
.env Integration
Sync secrets with your local development workflow:
# Pull secrets into your project
vaultuner export -p myapp -o .env
# Push local secrets to the vault
vaultuner import -p myapp -i .env
Soft Delete & Recovery
Accidentally deleted something? No problem:
vaultuner delete myapp/api-key # Soft delete
vaultuner restore myapp/api-key # Bring it back
vaultuner delete myapp/api-key --permanent # Actually delete
Secure Credential Storage
Your Bitwarden access token is stored in macOS Keychain, not in plaintext config files.
Quick Example
# Install (--python 3.12 required for bitwarden-sdk compatibility)
uv tool install --python 3.12 vaultuner
# Configure once
vaultuner config set access-token <your-token>
vaultuner config set organization-id <your-org-id>
# Start using
vaultuner set myapp/prod/stripe-key "sk-live-abc123"
vaultuner get myapp/prod/stripe-key --value
vaultuner export -p myapp -e prod -o .env.production
Getting Started
Built at All Tuner Labs by David Poblador i Garcia