Unscrambled CLI

Unscrambled is a command-line tool that gives you secure, authenticated access to any API without storing credentials on your local machine.

The problem

As a power user, you interact with dozens of APIs. Your workflow looks something like this:

• Generate an API key on some dashboard
• Paste it into a .env file or export it in your shell
• Write a curl command with the right Authorization header
• Repeat for every service, every machine, every project

API keys end up in plaintext on disk, scattered across machines, and occasionally committed to repos. OAuth-based services are even worse — you need callback servers, PKCE flows, and token refresh logic just to make a single API call.

The solution

Unscrambled replaces this entire workflow with two commands:

# Authenticate (once per service)
unscrambled auth add github
 
# Call APIs (credentials injected automatically)
unscrambled curl https://api.github.com/user/repos

Your credentials are encrypted and stored in Unscrambled's cloud vault. They never touch your local filesystem. When you run unscrambled curl, your request is routed through Unscrambled's proxy, which injects the appropriate credentials server-side and returns the response.

What you can do

Unscrambled grows with you across five levels of capability:

How credentials are secured

Unscrambled uses envelope encryption with organization-scoped keys. Your credentials are encrypted at rest with AES-256 and the encryption keys themselves are wrapped with a master key managed by AWS KMS. At no point are credentials stored in plaintext or transmitted without TLS.

When you run unscrambled curl, the proxy decrypts the credential in memory for the duration of the request, injects the appropriate header, and discards it. The credential never appears in logs, responses, or on disk.

Getting started

The fastest way to get started is the quick start guide. You'll go from install to your first authenticated API call in under 2 minutes.