ClauLock

Getting started

Install, store a secret, use it.

Five minutes end-to-end. Assumes you already have Claude Code installed. Works on macOS, Linux, and Windows — the picker below detects your OS and shows the right command first.

1. Install

All three paths verify the minisign signature before extracting. The picker shows the right command for your OS; switch tabs if you're on a different machine:

curl -fsSL https://claulock.com/install.sh | sh

macOS 13+ · Apple Silicon / Intel · verifies minisign + cosign before extracting

Homebrew (macOS · Linux) — alternative

brew install Mackint0uch/tap/claulock

On macOS / Linux the installer places binaries in /opt/homebrew/bin/ (or /usr/local/bin/), generates a random 24-byte passphrase, stores it in your Keychain or secret-service, and starts the daemon as a launchd / systemd user agent. On Windows the PowerShell installer drops binaries under %LOCALAPPDATA%\ClauLock\bin, encrypts the passphrase via DPAPI, and prints a one-line Register-ScheduledTask snippet so the daemon auto-starts at logon. All three paths merge the PreToolUse / PostToolUse Bash hooks and the claulock MCP server into ~/.claude/settings.json and ~/.claude.json without clobbering existing entries.

Prefer a direct download? Grab the signed tarball, .deb, .rpm, macOS .pkg, Windows .msi, or Windows .tar.gz for your architecture from the latest GitHub release. Every artifact is signed (minisign over SHA256SUMS plus per-binary cosign sigs) — see Verify downloads below.

Windows beta note: the .msi ships unsigned during the v0.6.x beta on Windows. SmartScreen will show "Windows protected your PC" on first launch — click More info then Run anyway. Verify the download against the minisigned SHA256SUMS first if you want belt-and-suspenders. An Authenticode-signed build ships when the cert lands; until then the supply-chain story is identical to every other artifact in the release (same minisign + cosign chain).

1b. Verify downloads (optional but recommended)

Every release ships two independent signatures: a minisign signature over SHA256SUMS (covers every tarball, .deb, .rpm, and .pkg) and a cosign signature per shipped binary.

# 1. verify SHA256SUMS
minisign -Vm SHA256SUMS -P \
  RWSyx2T3dBSwgtWFkCgsVburcch3gocYhrhJD428hxwExlUIXyMvR6gY
# 2. verify the tarball itself
shasum -a 256 -c SHA256SUMS --ignore-missing
# 3. (optional) verify an individual binary
cosign verify-blob \
  --key cosign.pub \
  --signature clsec-macos-arm64.sig \
  clsec

The public keys live in the repo at minisign.pub and cosign.pub, and are also attached to every release. SLSA v1.0 provenance (*.intoto.jsonl) is attached too, for supply-chain attestation.
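
Step 2 above only proves something if the file you downloaded is actually named in the minisign-verified SHA256SUMS. The script below is an added example, not ClauLock's own code: it checks one named artifact and rejects it when it is unlisted, listed more than once, or mismatched. The function names verify_listed and sha256_of are hypothetical, and it assumes SHA256SUMS has already passed the minisign check and that artifact names contain no whitespace.

```shell
#!/bin/sh
# Added example (not ClauLock's code). Run only after SHA256SUMS itself has
# passed:  minisign -Vm SHA256SUMS -P <public key>
# Usage:   verify_listed SHA256SUMS <downloaded artifact>

# Print the lowercase SHA-256 hex digest of a file.
# sha256sum is the usual Linux tool, shasum the usual macOS one.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Return codes: 0 match, 1 digest mismatch, 2 not listed exactly once,
# 3 checksum file or artifact missing.
verify_listed() {
    sums=$1
    artifact=$2
    [ -f "$sums" ] && [ -f "$artifact" ] || return 3
    name=$(basename "$artifact")

    # Entries are "<hex>  <name>" or "<hex> *<name>" (binary mode).
    # Assumption: artifact names contain no whitespace.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); hits++ }
        END { if (hits != 1) exit 2 }' "$sums") || return 2

    actual=$(sha256_of "$artifact")
    [ "$actual" = "$expected" ] || return 1
    return 0
}
```

A non-zero return should stop the install: 1 means the file differs from what was signed, 2 means the signed list does not vouch for this file name at all.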

2. Verify the daemon

clsec status

Expect an Unlocked state, a socket at $TMPDIR/clsec-<uid>.sock, and a vault path of ~/.clsec/vault.clsec.

3. Store your first secret

From the CLI, ClauLock reads the value from stdin so it never appears in your shell history:

clsec add GITHUB_TOKEN --kind token --purpose "GitHub API"

You can also let Claude ask you directly. Start Claude Code and say "use the GitHub API to list my repos". Claude will call the secret_request_from_user tool; a password box appears in the Claude Code TUI; the value goes straight from that box into the local daemon. The chat transcript never sees it.

4. Use it in a Bash call

Ask Claude to hit GitHub. It will write something like:

curl -H "Authorization: Bearer {{GITHUB_TOKEN}}" https://api.github.com/user/repos

The PreToolUse hook rewrites the command to run under clsec-exec; the shim asks the daemon for the value; the daemon returns it over the Unix socket; the shim execves bash -lc with the placeholder substituted. The model sees the placeholder form in the transcript. Never the value.

5. Common commands

clsec list
Names and metadata only. Never values.
clsec rotate GITHUB_TOKEN
Replaces the value, preserves id and created_at.
clsec audit --limit 50
Every resolve / add / rotate / delete, with caller PID and binary.
clsec lock
Drops keys from memory. Auto-happens after 15 minutes idle.
clsec daemon log
Tails /tmp/claulock.{out,err}.log.

6. Uninstall

launchctl bootout gui/$(id -u)/com.claulock.daemon
rm ~/Library/LaunchAgents/com.claulock.daemon.plist
rm /opt/homebrew/bin/{clsec,clsecd,clsec-exec,clsec-mcp}
rm -rf ~/.clsec
security delete-generic-password -s claulock-passphrase -a "$USER"

Remove the claulock MCP server and Bash hooks from ~/.claude.json and ~/.claude/settings.json by hand.

Next

  • Read the security model for the full threat model and crypto parameters.
  • Skim the FAQ for the usual questions.
  • Read the source on GitHub.