Murmur manages three kinds of secrets — tenant-wide, per-developer, and per-spawn. All are encrypted at rest and delivered as environment variables on agent VMs.Documentation Index
Fetch the complete documentation index at: https://docs.murmur.dev/llms.txt
Use this file to discover all available pages before exploring further.
Tenant secrets
Tenant secrets are shared across your team. You create them withmurmur secret set, and they are injected as environment variables on every agent VM in the workspaces that reference them.
Values are never displayed — murmur secret ls shows names only.
Developer secrets
Developer secrets are per-developer credentials — your GitHub token, Claude token, API keys, and SSH signing key. They are encrypted to your identity, so only your agents can use them.murmur setup gathers and encrypts these automatically. You do not manage them individually.
Spawn-time secrets
Pass one-off credentials to a single agent at spawn time with the-e flag on murmur spawn. These are encrypted before delivery and exist only for the lifetime of that agent. They do not persist to the catalog.
Credential rotation
murmur rekey re-encrypts and re-delivers your credentials to a running agent’s VM and all its children — without restarting the agent.
| Type | Page |
|---|---|
| Reference | secret |
| Reference | user-secret |
| Reference | user |
| Reference | murmur secret set |
| Reference | murmur rekey |
| Guide | Service profiles |
| Guide | VM environment |
| Concept | Workspaces |