HN Showcase
Back to browse
GitHub Repository

Keep secrets out of .env files. Encrypted vault with runtime injection — works locally or synced across a team via self-hosted server.

14 starsGo

Enveil–Encrypted vault that replaces .env files with runtime injection

by enveil·Mar 2, 2026·2 points·1 comment
Visit ProjectView on HN

AI Analysis

●●●BangerSolve My ProblemWizardryShip It

Runtime injection bypasses .env files entirely—secrets never touch disk.

Strengths
  • Argon2id key derivation + SQLCipher + AES-GCM = rigorous crypto, not handwaving.
  • Team server stores only ciphertext; client-side encryption means zero-knowledge model.
  • Eliminates entire class of accidents: committed .env files, shared secrets, AI tool exposure.
Weaknesses
  • Windows requires WSL2; native support would broaden adoption.
  • No audit logging or secret rotation features mentioned for team deployments.
Category
Security
Target Audience

Backend developers, DevOps teams, security-conscious projects

Similar To

Hashicorp Vault · 1Password CLI · Doppler

Similar Projects

Developer Tools●●●Banger

enveil – hide your .env secrets from prAIng eyes

Stops AI tools from reading .env files by never storing secrets as plaintext on disk.

Solve My ProblemNiche GemShip It
parkaboy
2011313mo ago