mirror of https://github.com/oven-sh/bun synced 2026-02-09 10:28:47 +00:00

Go to file

Jarred Sumner 707fc4c3a2 Introduce Bun.secrets API (#21973 )

This PR adds `Bun.secrets`, a new API for securely storing and
retrieving credentials using the operating system's native credential
storage locally. This helps developers avoid storing sensitive data in
plaintext config files.

```javascript
// Store a GitHub token securely
await Bun.secrets.set({
  service: "my-cli-tool",
  name: "github-token",
  value: "ghp_xxxxxxxxxxxxxxxxxxxx"
});

// Retrieve it when needed
const token = await Bun.secrets.get({
  service: "my-cli-tool",
  name: "github-token"
});

// Use with fallback to environment variable
const apiKey = await Bun.secrets.get({
  service: "my-app",
  name: "api-key"
}) || process.env.API_KEY;
```

Marking this as a draft because Linux and Windows have not been manually
tested yet. This API is only really meant for local development usecases
right now, but it would be nice if in the future to support adapters for
production or CI usecases.

### Core API
- `Bun.secrets.get({ service, name })` - Retrieve a stored credential
- `Bun.secrets.set({ service, name, value })` - Store or update a
credential
- `Bun.secrets.delete({ service, name })` - Delete a stored credential

### Platform Support
- **macOS**: Uses Keychain Services via Security.framework
- **Linux**: Uses libsecret (works with GNOME Keyring, KWallet, etc.)
- **Windows**: Uses Windows Credential Manager via advapi32.dll

### Implementation Highlights
- Non-blocking - all operations run on the threadpool
- Dynamic loading - no hard dependencies on system libraries
- Sensitive data is zeroed after use
- Consistent API across all platforms

## Use Cases

This API is particularly useful for:
- CLI tools that need to store authentication tokens
- Development tools that manage API keys
- Any tool that currently stores credentials in `~/.npmrc`,
`~/.aws/credentials` or in environment variables that're globally loaded

## Testing

Comprehensive test suite included with coverage for:
- Basic CRUD operations
- Empty strings and special characters
- Unicode support
- Concurrent operations
- Error handling

All tests pass on macOS. Linux and Windows implementations are complete
but would benefit from additional platform testing.

## Documentation

- Complete API documentation in `docs/api/secrets.md`
- TypeScript definitions with detailed JSDoc comments and examples

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>

2025-08-23 06:57:00 -07:00

.buildkite

Add Windows code signing setup for x64 builds (#22022 )

2025-08-22 03:53:57 -07:00

.claude/commands

[publish images] Upgrade self-reported Node.js version from 22.6.0 to 24.3.0 (v2) (#20772 )

2025-07-02 12:06:08 -07:00

.cursor

safety: a lot more exception checker progress (#20956 )

2025-07-16 00:11:19 -07:00

.github

github action

2025-08-18 18:10:46 -07:00

.vscode

SQLite in Bun.sql (#21640 )

2025-08-19 23:15:53 -07:00

bench

Add Bun.YAML.parse and YAML imports (#22073 )

2025-08-23 06:55:30 -07:00

cmake

Introduce Bun.secrets API (#21973 )

2025-08-23 06:57:00 -07:00

completions

Add comprehensive CLI flag parser for shell completions (#21604 )

2025-08-07 15:38:35 -07:00

dockerhub

Update docker images from debian:bullseye to debian:bookworm (#18278 )

2025-04-12 06:17:53 -07:00

docs

Introduce Bun.secrets API (#21973 )

2025-08-23 06:57:00 -07:00

misctools

lldb: pretty printing for bun.String, ZigString, WTFStringImpl (#21685 )

2025-08-07 17:51:33 -07:00

packages

Introduce Bun.secrets API (#21973 )

2025-08-23 06:57:00 -07:00

patches

Upgrade libarchive to v3.8.1 (#21250 )

2025-07-21 20:08:00 -07:00

scripts

Add Windows code signing setup for x64 builds (#22022 )

2025-08-22 03:53:57 -07:00

src

Introduce Bun.secrets API (#21973 )

2025-08-23 06:57:00 -07:00

test

Introduce Bun.secrets API (#21973 )

2025-08-23 06:57:00 -07:00

.clang-tidy

Reapply "Convert build scripts to CMake (#13427 )"

2024-09-11 08:24:50 -07:00

.clangd

meta: fix disabling of clangd auto header insertion (#17172 )

2025-02-10 02:04:21 -08:00

.cursorignore

Update .cursorignore

2024-12-26 11:48:30 -08:00

.dockerignore

bump webkit (#15328 )

2024-12-12 03:21:56 -08:00

.editorconfig

Bring uSockets & uWebSockets forks into Bun's repository (#4372 )

2023-08-28 08:38:30 -07:00

.git-blame-ignore-revs

Update .git-blame-ignore-revs

2025-06-13 16:16:14 -07:00

.gitattributes

Use "module": "Preserve" (#19655 )

2025-05-14 18:43:15 -07:00

.gitignore

internal: add lldb inline comment tool

2025-08-05 03:23:16 -07:00

.lldbinit

Move LLDB initialization commands to make attach configuration work (#20085 )

2025-05-30 19:33:03 -07:00

.mailmap

do not print duplicate code (#16231 )

2025-01-07 20:19:12 -08:00

.prettierignore

disable async in script tags in dev server (#17517 )

2025-02-21 11:28:27 -08:00

.prettierrc

fix vscode json handling in prettier (#10133 )

2024-04-09 20:42:42 -07:00

.typos.toml

ci: check for typos in documentation (#16235 )

2025-01-08 07:23:54 +00:00

AGENTS.md

Make AGENTS.md a symlink to CLAUDE.md

2025-06-27 21:13:21 -07:00

build.zig

Auto cpp->zig bindings (#20881 )

2025-07-21 16:26:07 -07:00

bun.lock

SQLite in Bun.sql (#21640 )

2025-08-19 23:15:53 -07:00

bunfig.node-test.toml

node:module compatibility pt 1 (#18106 )

2025-03-12 15:47:41 -07:00

bunfig.toml

fix(install): isolated install aliased dependency name fix (#21138 )

2025-07-19 01:59:52 -07:00

CLAUDE.md

Update CLAUDE.md

2025-08-18 03:20:07 -07:00

CMakeLists.txt

Update CMakeLists.txt

2025-02-06 18:07:55 -08:00

CODE_OF_CONDUCT.md

Add a code of conduct

2022-09-03 20:54:15 -07:00

CONTRIBUTING.md

Auto cpp->zig bindings (#20881 )

2025-07-21 16:26:07 -07:00

entitlements.debug.plist

Faster debug builds (#16354 )

2025-01-12 20:03:24 -08:00

entitlements.plist

New subcommand: bun upgrade. It upgrades bun to the latest version.

2021-10-28 05:34:38 -07:00

LATEST

Bump

2025-08-10 11:38:31 -07:00

LICENSE.md

libdeflate (#12741 )

2024-07-24 01:30:31 -07:00

oxlint.json

Fix several lints (#19121 )

2025-04-19 05:41:34 -07:00

package.json

SQLite in Bun.sql (#21640 )

2025-08-19 23:15:53 -07:00

README.md

bun.sh -> bun.com (#20909 )

2025-07-10 00:10:43 -07:00

SECURITY.md

bun.sh -> bun.com (#20909 )

2025-07-10 00:10:43 -07:00

tsconfig.base.json

feat: new binding generator (#15638 )

2024-12-10 12:43:17 -08:00

tsconfig.json

types: Rewrite to avoid conflicts and allow for doc generation (#18024 )

2025-03-25 14:33:30 -07:00

workspace.code-workspace

2021-08-11 13:56:03 -07:00

Bun

Documentation • Discord • Issues • Roadmap

What is Bun?

Bun is an all-in-one toolkit for JavaScript and TypeScript apps. It ships as a single executable called bun.

At its core is the Bun runtime, a fast JavaScript runtime designed as a drop-in replacement for Node.js. It's written in Zig and powered by JavaScriptCore under the hood, dramatically reducing startup times and memory usage.

bun run index.tsx             # TS and JSX supported out-of-the-box

The bun command-line tool also implements a test runner, script runner, and Node.js-compatible package manager. Instead of 1,000 node_modules for development, you only need bun. Bun's built-in tools are significantly faster than existing options and usable in existing Node.js projects with little to no changes.

bun test                      # run tests
bun run start                 # run the `start` script in `package.json`
bun install <pkg>             # install a package
bunx cowsay 'Hello, world!'   # execute a package

Install

Bun supports Linux (x64 & arm64), macOS (x64 & Apple Silicon) and Windows (x64).

Linux users — Kernel version 5.6 or higher is strongly recommended, but the minimum is 5.1.

x64 users — if you see "illegal instruction" or similar errors, check our CPU requirements

# with install script (recommended)
curl -fsSL https://bun.com/install | bash

# on windows
powershell -c "irm bun.com/install.ps1 | iex"

# with npm
npm install -g bun

# with Homebrew
brew tap oven-sh/bun
brew install bun

# with Docker
docker pull oven/bun
docker run --rm --init --ulimit memlock=-1:-1 oven/bun

Upgrade

To upgrade to the latest version of Bun, run:

bun upgrade

Bun automatically releases a canary build on every commit to main. To upgrade to the latest canary build, run:

bun upgrade --canary

View canary build

Quick links

Guides

Contributing

Refer to the Project > Contributing guide to start contributing to Bun.

License

Refer to the Project > License page for information about Bun's licensing.

Description

Bun is a fast, incrementally adoptable all-in-one JavaScript, TypeScript & JSX toolkit. Use individual tools like bun test or bun install in Node.js projects, or adopt the complete stack with a fast JavaScript runtime, bundler, test runner, and package manager built in. Bun aims for 100% Node.js compatibility.

Readme 680 MiB

Languages

Zig 60.5%

C++ 24.9%

TypeScript 8.3%

C 3.3%

JavaScript 1.4%

Other 1.1%

README.md

Bun

Read the docs →

What is Bun?

Install

Upgrade

Quick links

Guides

Contributing

License