Add process-level secret injection (vaultix exec) #1

@Zayan-Mohamed

Description

  • Vaultix currently only supports extracting secrets to disk. This exposes secrets to filesystem leaks, backups, and accidental commits.

  • We need a mode that decrypts secrets into memory, injects them into a child process as environment variables, and wipes them after execution.

  • Proposed UX

vaultix exec --env AWS_KEY=aws_key.txt --env DB_PASS=db.txt -- myapp

This should:

  • Decrypt secrets in memory
  • Set them as environment variables
  • Execute the target command
  • Zero memory after process exit

Acceptance Criteria

  • No secret data written to disk
  • Secrets available only to the spawned process
  • Memory wiped after execution
  • Works cross-platform
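
A sketch of the flow this issue proposes, as an added example that is not part of the issue or Vaultix's own code. Go is assumed as the implementation language, and `buildEnv`, `runWithSecrets` and the `decrypt` callback are hypothetical names.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// buildEnv resolves NAME=file specs via decrypt, a hypothetical stand-in for Vaultix's decryption.
func buildEnv(specs []string, decrypt func(string) ([]byte, error)) ([]string, error) {
	env := make([]string, 0, len(specs))
	for _, s := range specs {
		name, file, ok := strings.Cut(s, "=")
		if !ok || name == "" || file == "" {
			return nil, fmt.Errorf("bad --env spec %q, want NAME=file", s)
		}
		plain, err := decrypt(file)
		if err != nil {
			return nil, fmt.Errorf("decrypt %s: %w", file, err)
		}
		env = append(env, name+"="+string(plain)) // immutable string copy: cannot be wiped later
		for i := range plain {                    // wipe the decrypted buffer as soon as it is copied
			plain[i] = 0
		}
	}
	return env, nil
}

// runWithSecrets starts argv with the parent environment plus secretEnv; nothing is written to disk.
func runWithSecrets(argv, secretEnv []string) error {
	if len(argv) == 0 {
		return fmt.Errorf("no command given after --")
	}
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Env = append(os.Environ(), secretEnv...) // on duplicate keys the last entry wins
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd.Run()
}

func main() {
	// Constructed sample secret standing in for a decrypted vault file.
	decrypt := func(string) ([]byte, error) { return []byte("example-password"), nil }
	env, err := buildEnv([]string{"DB_PASS=db.txt"}, decrypt)
	if err == nil {
		err = runWithSecrets(os.Args[1:], env)
	}
	fmt.Fprintln(os.Stderr, "result:", err)
}
```

Only the decrypted byte buffers are wiped here. The `NAME=value` strings handed to the child, and the child's own environment block, are outside the parent's reach, so the "memory wiped" criterion has to be scoped to what the parent process controls.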
