Naru is an industrial-grade, security-first configuration engine. Built with the speed and safety of Rust, it provides a tamper-evident, schema-enforced ecosystem for managing application secrets and environment variables in high-stakes production environments.
Explore Documentation • Report an Issue • Request a Feature
| Feature | Description |
|---|---|
| Zero-Trust Encryption | All sensitive data is protected by AES-256-GCM with SHA-256 key derivation. |
| Immutable Audit Trail | Every mutation is cryptographically signed and chained, creating a tamper-evident history. |
| Industrial Validation | Enforce strict types, numeric ranges, and Regex patterns before data ever leaves the CLI. |
| Atomic & Thread-Safe | OS-level advisory locking ensures zero data corruption during concurrent operations. |
| Modern Interop | Native handling of .env, YAML, JSON, and TOML with intelligent merging logic. |
Build the binary optimized for your architecture:
cargo build --release --locked
sudo cp target/release/naru /usr/local/bin/export NARU_ENCRYPTION_KEY="your-strong-master-password"
naru init# Define the validation rule
naru schema add --key STRIPE_KEY --type string --secret --pattern "^sk_live_.*$"
# Set the value (automatically encrypted and validated)
naru set STRIPE_KEY=sk_live_51Pq... --env productionNaru follows a Clean Architecture pattern, isolating its cryptographic core from external I/O.
src/core: The Stateless Engine. Pure business logic, validation, and crypto.src/cli: The Interface. High-performance command parsing and TUI.src/persistence: The Safe. Atomic file operations and OS-level locking.
We believe in open security. Check our Contributing Guide to see how you can help strengthen the Naru ecosystem.
Developed with precision for the security-conscious engineer.
Released under the MIT License.