
Trust & Transparency

We understand that feeding your secrets through any tool requires trust. This page explains exactly what Mantle does with your data.

Your Secrets Never Leave Your Machine

TL;DR: Secret values are processed entirely locally. Mantle never transmits your actual secrets anywhere.
Here’s exactly what happens when you run dotset mantle run:
  1. Secrets are read from your providers (.env, AWS SM, environment variables)
  2. Values are held in-memory during command execution only
  3. Output streams are scanned for these values and redacted
  4. After exit, secret values are garbage collected — never written to disk
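
The scan-and-redact step above has one non-obvious failure mode: a secret can arrive split across two writes of the output stream, so matching each chunk on its own would miss it. The sketch below is an added example, not Mantle's code; `createRedactor`, `redactChunks`, the `[REDACTED]` mask and the sample secret are assumptions made for illustration.

```javascript
// Added illustration (not Mantle's source): mask known secret values in a
// chunked output stream, including values split across chunk boundaries.
const MASK = '[REDACTED]'; // placeholder text is an assumption

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

function createRedactor(secrets) {
  // Longest first, so a secret that contains another one is masked whole.
  const values = [...new Set(secrets)]
    .filter((s) => s.length > 0)
    .sort((a, b) => b.length - a.length);
  // '(?!)' never matches, so an empty secret list passes text through.
  const pattern = new RegExp(values.map(escapeRe).join('|') || '(?!)', 'g');
  let held = ''; // tail of the output that may be the start of a secret

  // Longest suffix of `text` that is a proper prefix of some secret.
  const holdLength = (text) => {
    let best = 0;
    for (const v of values) {
      for (let k = Math.min(v.length - 1, text.length); k > best; k--) {
        if (text.endsWith(v.slice(0, k))) { best = k; break; }
      }
    }
    return best;
  };

  return {
    // Feed one chunk; returns only the text that is safe to emit now.
    push(chunk) {
      const text = (held + chunk).replace(pattern, () => MASK);
      const cut = text.length - holdLength(text);
      held = text.slice(cut);
      return text.slice(0, cut);
    },
    // End of stream: the held tail never completed a secret, so emit it.
    end() { const rest = held; held = ''; return rest; },
  };
}

// Run a list of chunks through one redactor and join the output.
function redactChunks(chunks, secrets) {
  const r = createRedactor(secrets);
  return chunks.map((c) => r.push(c)).join('') + r.end();
}

// Constructed sample: one secret split across three writes.
console.log(redactChunks(['token=EXAMPLE-s3', 'cr3t-va', 'lue ok\n'],
  ['EXAMPLE-s3cr3t-value']));
```

Holding back a possible partial match delays output by at most one character less than the longest secret, which is the cost of catching split values.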

What is NOT Collected

| Data | Collected? | Reason |
|---|---|---|
| Secret values | ❌ Never | Processed locally only |
| Secret names/keys | ❌ Never | Not needed |
| Build log contents | ❌ Never | Redaction happens locally |
| Source code | ❌ Never | We never access your code |
| .env file contents | ❌ Never | Read locally, never transmitted |

100% Local Operation

Mantle is designed to work 100% locally. No cloud connection is required:

| Feature | Works Offline? |
|---|---|
| Secret redaction | ✅ Yes |
| .env file loading | ✅ Yes |
| Protection modes (detect/redact/block) | ✅ Yes |
| HTML report generation | ✅ Yes |
| All CLI features | ✅ Yes |

Open Source & Auditable

The entire Mantle CLI is open source under the MIT license. You can:

Verify It Yourself

Don’t trust us? Good. Here’s how to verify our claims:

1. Read the Code

The entire CLI is open source. Check any file you want:
git clone https://github.com/dotsetlabs/cli
# Read any file — there's nothing hidden

2. Build From Source

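# Clone the repository; git creates a directory named after it (cli)
git clone https://github.com/dotsetlabs/cli
cd cli
# Install dependencies, build, then link the local build globally
npm install
npm run build
npm link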

# Now use your locally-built version
dotset mantle run -- npm start

Security Contact

Found a security issue? We take security seriously.

Email: [email protected]

We follow responsible disclosure practices and will work with you to address any vulnerabilities.