Skip to content

Installation

VaultGuard ships as a single static binary. No runtime dependencies.

Supported Platforms

PlatformArchitectureStatus
Linuxx64Supported
Linuxarm64Supported
macOSx64 (Intel)Supported
macOSarm64 (Apple Silicon)Supported
Windowsx64Supported

Quick Install

Linux / macOS

sh
curl -sSf https://releases.vaultguard.sh/install.sh | sh

The installer detects your platform, downloads the correct binary, verifies the SHA256 checksum, and installs to /usr/local/bin.

Windows (PowerShell)

powershell
irm https://releases.vaultguard.sh/install.ps1 | iex

Staying up to date

After installing, run vaultguard update at any time to upgrade to the latest version. The updater verifies checksums and signatures automatically.

Verify Installation

sh
vaultguard version

Expected output:

vaultguard 0.6.0

Binary Signing

Every release binary is signed with minisign (Ed25519). The install scripts verify checksums automatically. The public key is available at releases.vaultguard.sh/vaultguard.pub for manual verification.

To verify a binary manually:

sh
minisign -Vm vaultguard-linux-x64.tar.gz -p vaultguard.pub

Why minisign?

Minisign uses Ed25519 signatures, which are fast, compact, and resistant to many classes of implementation bugs. It is a simpler, more focused alternative to GPG for binary signing.

Manual Download

Pre-built binaries for all platforms are available on the releases page.

Each release includes:

  • Platform-specific archives (.tar.gz for Linux/macOS, .zip for Windows)
  • checksums.sha256 with SHA256 hashes for all archives
  • .minisig signature files

Download the archive for your platform, extract the binary, and place it somewhere on your PATH.

No package manager support yet

VaultGuard is distributed as pre-built binaries only. Homebrew, apt, and other package manager support is planned.

Next Steps

VaultGuard -- Security scanning for AI-generated code