Solo Dev Quickstart

No org, no team, no ceremony. Install the server locally, push a secret, retrieve it, and wire Claude up to the vault — all in under five minutes.

Install

docker run -d \
  --name sirrd \
  -p 39999:39999 \
  -v ./sirr-data:/data \
  -e SIRR_MASTER_ENCRYPTION_KEY="$(openssl rand -hex 32)" \
  -e SIRR_DATA_DIR=/data \
  ghcr.io/sirrlock/sirrd

If you installed via Homebrew or binary, start the server manually and export the key:

export SIRR_MASTER_ENCRYPTION_KEY="$(openssl rand -hex 32)"
sirrd serve
# → Server listening on http://localhost:39999
# → Master key: <your-key>   ← save this

Push your first secret

Push a public dead drop. Once read, it is gone.

sirr push "postgres://user:pass@db:5432/myapp"
# → {"id":"a3f8...7c2d","url":"http://localhost:39999/secrets/a3f8...7c2d"}

The response returns the secret id and a url you can share. Add --reads 1 --ttl 1h to limit to a single read with a 1-hour expiry.

Retrieve a secret

Use the id from the push response to read the secret back. The value prints to stdout.

sirr get a3f8...7c2d
# → postgres://user:pass@db:5432/myapp

If you pushed with --reads 1, try reading it again — you will get a 404. The vault already burned it.

Connect MCP to your local instance

Add the Sirr MCP server so Claude can push and pull secrets from your local instance.

claude mcp add --transport stdio \
  --env SIRR_SERVER=http://localhost:39999 \
  --env SIRR_TOKEN=$SIRR_MASTER_API_KEY \
  sirr -- npx -y @sirrlock/mcp

That is it. Claude can now use store_secret and read_secret tools directly in conversation.

What is next

• DevOps Quickstart — add an org, create principals, and store rotating secrets for Claude and GitHub
• MCP Server — full MCP tool reference and multi-tenant configuration
• API Keys — scope access to specific secret prefixes
• Architecture — how Sirr encrypts and stores secrets