GitHub Repository

Encrypt your .env files and commit them to git. One command. One passphrase. No cloud.

0 stars · Go

I got tired of leaking API keys, so I made .env files safe to commit

by mrprincerawat·Feb 23, 2026·1 point·2 comments

AI Analysis

●● Solid · Ship It · Solve My Problem

dotenv encrypted with Argon2id + pre-commit hook, but HashiCorp Vault exists.

Strengths
  • Argon2id KDF + AES-256-GCM with pre-commit auto-lock and codebase secret scanning; zero-cloud, fully offline
  • Multi-environment support, key caching, CI/CD integration via DOTLOCK_PASSPHRASE env var
Weaknesses
  • Secrets management is saturated (Vault, 1Password, Doppler, AWS Secrets Manager); no clear advantage over industry tools
  • Single-passphrase model doesn't scale to large teams with granular role-based access needs
Target Audience

Backend developers, DevOps engineers managing shared .env secrets across teams

Similar To

HashiCorp Vault · 1Password · Doppler

Similar Projects

Developer Tools · ●● Solid

API-pilot – deterministic API key resolution with runtime validation

Deterministic fallback order (ENV → .env → vault) plus an opt-in validation mode and a strict CI-friendly option is a practical combo I wish I'd had in several projects. The doctor CLI that lists found keys and minimal provider probes (e.g., GET /v1/models for OpenAI) is a nice touch — useful for catching bad tokens before a pipeline runs. It’s not reinventing secret managers, but the zero-deps, stdlib-only approach and CI strictness make it an immediately usable tool for small teams.

Niche Gem · Solve My Problem · Ship It
avi7777
114mo ago
Security · ●●● Banger

Phantom – Let AI use your API keys without leaking them

Proxy tokens worthless if leaked, real keys never enter LLM context windows.

Big Brain · Solve My Problem · Dark Horse
masonwyatt23
202mo ago