Comment by Barathkanna
2 days ago
This actually looks handy for the “small team with a couple of env files” use case. Most secret-management tools are great once you’re at scale, but trying to explain sops or git-crypt to a team that just wants to stop pasting secrets into Slack is… not fun. A simple password-protected vault committed to git is a reasonable middle ground.
I like the OS keyring integration too, removes a lot of friction. Curious how it behaves in multi-machine workflows and whether you plan to add any guardrails around accidental plaintext commits, since that’s usually where lightweight tools get tripped up.
> stop pasting secrets into Slack
You got me interested. I've seen sharing of API keys via Discords in hackathons.
You can use the age tool to encrypt secrets based on ssh public keys.
Here's a small shell script I use https://github.com/mhitza/toolbox/blob/main/scripts/encrypt-...
That's handy and obviously a major security increase compared to sharing on Discord, but I feel compelled to quote the age README:
> Keep in mind that people might not protect SSH keys long-term, since they are revokable when used only for authentication, and that SSH keys held on YubiKeys can't be used to decrypt files.
https://github.com/FiloSottile/age?tab=readme-ov-file#encryp...