Encrypted clipboard manager for Windows and Linux.
Download · Features · Development
- Clipboard history — automatically captures text and images you copy
- Encrypted vault — history is stored in a SQLCipher database; keys live in the OS keychain (Windows Credential Manager / Linux Secret Service)
- Vault password + recovery phrase — BIP-39 mnemonic for recovery and device pairing (QR)
- Secure paste — hotkey (Ctrl+Shift+C) creates a one-time encrypted link; ciphertext is uploaded, the decryption key stays in the URL fragment (not sent to the server). Paste links opened in a browser can hand off to the desktop app via
cmdv:// - Password-manager awareness — skips capture when the foreground app is a known password manager (Windows)
- Search and filter — full-text search with content type filtering and favorites
- Encrypted backup — export and import an encrypted blob of your history (manual sync between devices today)
- System tray — runs in the background; global shortcut Ctrl+U to open
- Auto-updates — checks GitHub Releases on launch; install from Settings
- Cross-platform — Windows (NSIS installer) and Linux (AppImage, .deb)
- Cloud sync — optional sync across devices; client-side encryption before upload (zero-knowledge on the server)
- File clipboard — capture file paths from the clipboard
- macOS Universal Links — associate
cmdv.todirectly with the app (Apple entitlements +.well-known/apple-app-site-association) - Mobile deep links —
tauri-plugin-deep-linksupports verified HTTPS on iOS/Android - Deep link URL versioning — backward compat strategy if
cmdv://format evolves
| Layer | Technology |
|---|---|
| Frontend | React 19, Tailwind CSS 4, TypeScript |
| Backend | Rust, Tauri v2 |
| Database | SQLite with SQLCipher (encrypted at rest) |
| Crypto | AES-256-GCM (vault, backups), AES-128-GCM (secure paste), Argon2, BLAKE3, HKDF-SHA256 |
| Key storage | OS keychain |
| Secure paste | Encrypted upload to API; paste site decrypts in the browser using the URL fragment |
Grab the latest release from the Releases page.
| Platform | Format | File |
|---|---|---|
| Windows | NSIS installer | cmdv_x.y.z_x64-setup.exe |
| Linux | AppImage (universal) | cmdv_x.y.z_amd64.AppImage |
| Linux | Debian package | cmdv_x.y.z_amd64.deb |
Windows note: The installer is currently unsigned, so SmartScreen may show an "unknown publisher" warning. Click "More info" → "Run anyway" to proceed.
Linux AppImage: Make it executable and run:
chmod +x cmdv_*.AppImage
./cmdv_*.AppImage- Node.js (LTS)
- Rust (stable)
- Tauri v2 system dependencies:
- Windows: WebView2 (included in Windows 10/11)
- Linux:
libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev libsecret-1-dev patchelf
git clone https://github.com/oklar/cmdv.git
cd cmdv
npm installnpm run tauri devnpm run tauri buildBundles are output to src-tauri/target/release/bundle/.
Releases are automated via GitHub Actions (Release workflow). Pushing to main only runs CI — Release runs when you push a tag.
To publish a new version:
- Bump
versioninsrc-tauri/tauri.conf.json - Commit the change
- Push the commit, then tag that commit and push the tag (tag name must match the config, e.g.
"0.9.4"→v0.9.4):
git push origin main
git tag v0.9.4
git push origin v0.9.4- The Release workflow builds Windows + Linux artifacts and creates a draft release (~15–20 min)
- Review the draft on GitHub, then publish
Existing users receive the update automatically on next app launch.
Avoid git push --tags for releases — it pushes every local tag and is easy to tag the wrong commit before the version bump is on main. To re-trigger a release after fixing a tag, delete it on the remote and push again:
git push origin :refs/tags/v0.9.4
git tag -d v0.9.4
git tag v0.9.4
git push origin v0.9.4