Kure is a free and open-source password manager for the command-line.

This project aims to offer the most secure and private way of operating with sensitive data on the terminal, as well as providing a feature-rich and interactive interface to make the user experience simple and enjoyable.


  • Cross-Platform: Linux, macOS, BSD and Windows supported.
  • Offline: Data is handled locally, no connection is established with 3rd parties.
  • Secure: Each record is encrypted using AES-GCM 256-bit and a unique password. Furthermore, the user's master password is never stored on disk, it's encrypted and temporarily kept in-memory inside a protected buffer, decrypted when it's required and destroyed immediately after it. The key derivation function used is Argon2 with the id version.
  • Easy-to-use: Extremely intuitive and does not require advanced technical skills.
  • Portable: Both Kure and the database compile to binary files and they can be easily carried around in an external device.
  • Multiple formats: Store entries, cards and files of any type.


Pre-compiled binaries

Linux, macOS, BSD and Windows pre-compiled binaries can be found here.

Homebrew (Tap)

brew install GGP1/tap/kure

Scoop (Windows)

scoop bucket add GGP1 https://github.com/GGP1/scoop-bucket.git
scoop install GGP1/kure


scoop install https://raw.githubusercontent.com/GGP1/scoop-bucket/master/bucket/kure.json


Use volumes -v <volume-name>:/root/.kure to persist the data on the host machine.

Mount your database and configuration file to the container using bind mounts: -v /path/to/data:./root/.kure. Any write into the bind mount will be propagated back to the Docker host.

docker run -it gastonpalomeque/kure sh

Comp├Čle from source

Requirements: Go

git clone https://github.com/GGP1/kure
cd kure
make install


Out-of-the-box Kure needs no configuration. It sets default values, creates the configuration file and the database at:

  • Linux, BSD: $HOME/.kure
  • Darwin: $HOME/.kure or /.kure
  • Windows: %USERPROFILE%/.kure

However, you may want to store the configuration file elsewhere or use a different one, this can be done by setting the path to it in the KURE_CONFIG environment variable.

Moving forward to the configuration file itself, in it we can specify the clipboard and session timeouts, the location of the database (if it doesn't exist it will be automatically created), the argon2 parameters, the editor used and whether or not a keyfile is required. Head over configuration for further details.

Paths inside the file must be absolute.

Formats supported: JSON, TOML, YAML. Samples.


  • Linux, BSD: xsel, xclip, wl-clipboard or Termux:API add-on (termux-clipboard-get/set) to write to the clipboard.
  • macOS: none.
  • Windows: none.