Security●●●Banger
Enveil–Encrypted vault that replaces .env files with runtime injection
Runtime injection bypasses .env files entirely—secrets never touch disk.
Solve My ProblemWizardryShip It
enveil
213mo ago
Back to browse
GitHub Repository
enject: Hide .env secrets from prAIng eyes: secrets live in local encrypted stores (per project) and are injected directly into apps at runtime, never touching disk as plaintext.
498 starsRust
enveil – hide your .env secrets from prAIng eyes
by parkaboy·Feb 24, 2026·201 points·131 comments
AI Analysis
●●●BangerSolve My ProblemNiche GemShip It
Stops AI tools from reading .env files by never storing secrets as plaintext on disk.
Strengths
- •Addresses a real, verified security gap that has happened to the author multiple times
- •AES-256-GCM with Argon2id and proper nonce handling—cryptography is done correctly, not hand-waved
- •Zero dependency on third-party services (unlike 1Password variant), fully self-contained CLI
Weaknesses
- •Narrow audience—only matters if you use AI coding tools AND run untrusted code
- •No Windows support mentioned, binary blob store may feel opaque to security auditors
Category
Target Audience
Full-stack and backend developers using AI coding assistants (Claude Code, Copilot, Cursor)
Similar To
1Password secret injection · dotenv-vault
Similar Projects
Developer Tools●●Solid
Sigyn – OSS native macOS secrets manager to replace .env (GUI+CLI)
Touch ID auth and Keychain integration beat 1Password's env tool on local-first workflow.
SlickSolve My Problem
conguy
222mo ago
Developer Tools●Mid
Touchenv – store ENV master keys in macOS keychain
Touch ID for ENV secrets is clever, but dotenvx and 1Password CLI already solve this.
CozyNiche Gem
tillcarlos
422mo ago
Security●●●Banger
Enseal – Stop pasting secrets into Slack .env sharing from the terminal
Makes secure path faster than Slack for sharing secrets—age encryption, SPAKE2, self-hostable.
Solve My ProblemSlick
ops_mechanic
313mo ago
Security●Mid
KeyEnv – manage team secrets without scattered .env files
Yet another .env replacement; Doppler and Infisical already own this space.
Solve My Problem
ivannovazzi
143mo ago
Security●●Solid
AxKeyStore – Zero-trust CLI secrets manager using your own GitHub repo
GitHub-as-untrusted-storage with XChaCha20 is clever, but 1Password and Vault already own secrets.
Niche GemShip It
robin_a_p
213mo ago