arca

/ˈar.ka/ · Latin: a strongbox for keeping valuables under lock

age-encrypted secrets, kept safely in front of AI agents.

why arca

Small, file-based, agent-safe

🔒 Encrypted at rest

Per-value age ciphertext with cleartext metadata in one JSON store. Reuses your existing sops key. No daemon, no account.

🪄 Use without revealing

A command execs with a secret, or a config injects a reference — the value never reaches stdout or an agent's context.

📓 Audited & fail-closed

Every access is logged with the calling agent, version, and session. If it can't be recorded, it doesn't happen.

🤖 Built for AI agents

An arca mcp server exposes audited tools, plus per-secret --no-print, approval gates, and TTLs an agent can't bypass.

install

Pick your platform

# macOS / Linux (Homebrew)
brew install arenzana/tap/arca

# Windows (Scoop)
scoop bucket add arenzana …
scoop install arca

# anywhere with Go (go install)
go install github.com/arenzana/arca@latest
quickstart

Thirty seconds in

# reuse your sops key, or generate one
arca init
printf '%s' "$TOKEN" | arca set GITHUB_TOKEN --tag ci

# use it without it ever hitting stdout
arca exec -- terraform apply

# generate, expire, and audit
arca generate DB_PASSWORD --length 32 --no-print
arca set TMP_TOKEN --ttl 1h
arca log GITHUB_TOKEN
in practice

What makes it different

🪄 Use a secret without revealing it

A command gets the value in its environment — it never touches stdout or an agent's context.

$ arca exec -- terraform apply

🤖 Hand an agent secrets it can't read

Over MCP, an agent runs commands with a secret while the value stays out of the model.

$ claude mcp add arca -- arca mcp
# the agent calls run_with_secrets — it uses the value, never sees it

⏳ Random, expiring, exec-only — and audited

Generate a token that's never printed, expires in an hour, and logs every use.

$ arca generate API_TOKEN --ttl 1h --no-print
$ arca log API_TOKEN     # who used it, and when
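The three behaviours described above (a command receives the value in its environment instead of on stdout, an expired TTL is refused, and an access that cannot be recorded does not happen) as one added Python sketch. This is a constructed illustration of the design, not arca's code: values are held in memory instead of age ciphertext so it runs offline, the audit record fields (ts, secret, agent, session, result), the class and method names, and the sample secret values are all assumptions made for this example.

```python
import json
import os
import subprocess
import sys
import tempfile
import time


class AuditUnavailable(RuntimeError):
    """Raised when an access cannot be recorded; the access is then refused."""


class SecretStore:
    """Illustrative store (constructed for this page, not arca's code).
    Values are kept in memory rather than as age ciphertext; the audit and
    TTL logic is what this example demonstrates."""

    def __init__(self, audit_path):
        self.audit_path = audit_path  # append-only JSON-lines audit log
        self._secrets = {}

    def set(self, name, value, ttl_seconds=None):
        expires_at = time.time() + ttl_seconds if ttl_seconds is not None else None
        self._secrets[name] = {"value": value, "expires_at": expires_at}

    def _record(self, event):
        # Fail closed: the record is durably written before any value is released.
        try:
            with open(self.audit_path, "a", encoding="utf-8") as f:
                f.write(json.dumps(event) + "\n")
                f.flush()
                os.fsync(f.fileno())
        except OSError as exc:
            raise AuditUnavailable(f"cannot record access to {event['secret']}: {exc}") from exc

    def get(self, name, agent="cli", session="local"):
        entry = self._secrets[name]
        event = {"ts": time.time(), "secret": name, "agent": agent, "session": session}
        if entry["expires_at"] is not None and time.time() > entry["expires_at"]:
            self._record({**event, "result": "expired"})  # the refusal is logged too
            raise KeyError(f"{name} has expired")
        self._record({**event, "result": "ok"})
        return entry["value"]

    def exec_with(self, name, argv, agent="cli", session="local"):
        """Run argv with the secret in its environment. This process never prints
        the value, so it does not reach stdout or an agent's context."""
        value = self.get(name, agent=agent, session=session)
        env = dict(os.environ, **{name: value})
        return subprocess.run(argv, env=env, capture_output=True, text=True, check=False)

    def log(self, name):
        """Audit records for one secret, oldest first."""
        with open(self.audit_path, encoding="utf-8") as f:
            records = [json.loads(line) for line in f]
        return [r for r in records if r["secret"] == name]


def demo():
    """Exercise exec-without-printing, TTL expiry, and fail-closed auditing."""
    workdir = tempfile.mkdtemp()
    store = SecretStore(os.path.join(workdir, "audit.jsonl"))
    store.set("API_TOKEN", "constructed-value")            # constructed sample value
    store.set("TMP_TOKEN", "short-lived", ttl_seconds=-1)  # already expired, for the demo

    # 1. the child sees the value; the parent only learns its length
    child = store.exec_with(
        "API_TOKEN",
        [sys.executable, "-c", "import os; print(len(os.environ['API_TOKEN']))"],
        agent="demo-agent", session="s1",
    )
    child_saw_len = int(child.stdout.strip())

    # 2. an expired secret is refused
    try:
        store.get("TMP_TOKEN")
        expired_refused = False
    except KeyError:
        expired_refused = True

    # 3. with the audit log unwritable (missing directory), access fails closed
    broken = SecretStore(os.path.join(workdir, "missing-dir", "audit.jsonl"))
    broken.set("API_TOKEN", "constructed-value")
    try:
        broken.get("API_TOKEN")
        failed_closed = False
    except AuditUnavailable:
        failed_closed = True

    return {
        "child_saw_len": child_saw_len,
        "expired_refused": expired_refused,
        "failed_closed": failed_closed,
        "api_token_events": [e["result"] for e in store.log("API_TOKEN")],
        "tmp_token_events": [e["result"] for e in store.log("TMP_TOKEN")],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The ordering in `get` is the point: the audit record is flushed and fsynced before the value is returned, so a full disk or an unwritable log path refuses the access rather than leaving it unrecorded, and an expired entry produces a logged refusal instead of a silent miss.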