Give Claude Code full secret management capabilities in 30 seconds.
SC_BASE_URL=https://secretcarousel.com SC_API_KEY=sc_free_your_key_here
Don't have a key? Run: npx secretcarousel signup --tenant my-project
Paste this into your project's CLAUDE.md file. Claude Code will read it at session start.
# SecretCarousel Integration This project uses SecretCarousel for encrypted secret management. API base: ${SC_BASE_URL}. Auth: X-API-Key header with ${SC_API_KEY}. EVERY request MUST include: -H "X-API-Key: ${SC_API_KEY}" -H "Content-Type: application/json" ## Agent self-signup (if no key yet) POST ${SC_BASE_URL}/api/signup with: {"tenantId":"project-name"} Returns: apiKey (save it), tenantId, plan, limits, quickstart steps. ## Storing secrets POST ${SC_BASE_URL}/api/v1/secrets with: {name, value, secretType (database-credentials|api-key|certificate|custom)}. Secret is AES-256-GCM encrypted at rest. Response includes secretId. ## Retrieving secrets GET ${SC_BASE_URL}/api/v1/secrets/:secretId — decrypts and returns value. Access logged. GET ${SC_BASE_URL}/api/v1/secrets — list all (metadata only, no values). ## Updating secrets PUT ${SC_BASE_URL}/api/v1/secrets/:secretId with: {value:"new-value"}. Auto-creates new version. Previous versions preserved. ## Sharing secrets (Pro plan) POST ${SC_BASE_URL}/api/v1/shares with: {secretId, expirationHours, maxUses, password(optional)}. Returns share token. Recipient accesses via POST /api/v1/shares/access/:token. ## Rotation (Pro plan) POST ${SC_BASE_URL}/api/v1/rotation with: {secretId, schedule:"0 0 */30 * *", alertDaysBefore:7}. POST ${SC_BASE_URL}/api/v1/rotation/:id/rotate-now for immediate rotation. ## Audit trail GET ${SC_BASE_URL}/api/v1/audit — query audit logs (every access logged automatically). GET ${SC_BASE_URL}/api/v1/audit/export?format=csv — compliance export. ## Key patterns - Secret IDs: secret-uuid format (auto-generated) - Auth: X-API-Key header on every request - Encryption: AES-256-GCM, unique key per secret, PBKDF2 derivation - Versioning: auto-version on every PUT - All requests need: -H "X-API-Key: ${SC_API_KEY}" -H "Content-Type: application/json"
Claude Code now has full SecretCarousel capabilities. Try:
# Store a database credential "Store our production database URL in SecretCarousel" # Retrieve for deployment "Get the DATABASE_URL secret and use it in the docker-compose" # Rotate after a breach "Rotate all API keys that were created before yesterday" # Share with contractor "Create a 1-hour share link for the staging API key"
# Install globally npm install -g secretcarousel # Or use npx (no install) npx secretcarousel secrets:create --name DB_URL --value postgres://... npx secretcarousel secrets:list npx secretcarousel env:export --environment production > .env
© 2026 Tyga.Cloud Ltd. All rights reserved.