Quickstart

Get Sirr running in under a minute. Push your first secret, retrieve it, and watch it self-destruct.

Sirr requires a SIRR_MASTER_KEY to start. This key is used both as the bearer token for API authentication and as the seed for encrypting all stored secrets. Keep it safe.

Install

Choose your preferred installation method. Docker is the fastest way to get started.

docker run -d \
  --name sirrd \
  -p 39999:39999 \
  -v ./sirr-data:/data \
  -e SIRR_MASTER_KEY="$(openssl rand -hex 32)" \
  -e SIRR_DATA_DIR=/data \
  ghcr.io/sirrvault/sirrd

If you installed via Homebrew or binary download, start the server manually:

Start the server

export SIRR_MASTER_KEY="$(openssl rand -hex 32)"
sirrd serve

The server is now listening on http://localhost:39999. The master key was printed to your terminal -- save it somewhere safe.

Push your first secret

Push a secret with a TTL of 1 hour and a maximum of 1 read. Once the secret is read or the TTL expires, it is permanently destroyed.

sirr push DB_URL="postgres://user:pass@db:5432/myapp" \
  --reads 1 \
  --ttl 1h

Retrieve a secret

Retrieve the secret by its key. If max_reads was set to 1, this will be the only time you can read it.

sirr get DB_URL

You can also delete a secret before it expires:

Delete a secret

sirr delete DB_URL

Push and pull .env files

Sirr has first-class support for .env files. Push an entire file and pull it back on another machine:

Push and pull .env

# Push your .env file with a 24-hour TTL
sirr push .env --ttl 24h

# On another machine, pull it back
sirr pull .env

What is next

You have a running Sirr instance and know the basics. Here is where to go from here:

  • Architecture -- understand how Sirr encrypts and stores secrets
  • API Reference -- full HTTP API documentation
  • Configuration -- all environment variables and options
  • MCP Server -- integrate Sirr with AI agents via the Model Context Protocol
  • SDKs -- official client libraries for Node.js, Python, and .NET

Was this page helpful?