Show HN: Lockenv – Simple encrypted secrets storage for Git
3 days ago
- #encryption
- #cli-tool
- #secret-management
- lockenv is a CLI-friendly secret storage tool for small teams, offering a simpler alternative to sops/git-crypt for managing .env and infra secrets.
- It encrypts sensitive files into a single .lockenv vault file using a password-derived key, allowing safe commits to version control.
- Features include manual Git integration (lock/unlock), password + keyring authentication, and support for various OS platforms (Linux, macOS, Windows).
- Installation options include Homebrew, .deb/.rpm packages, pre-built binaries, and Go installation.
- Basic commands: `lockenv init` to initialize, `lockenv lock` to encrypt files, and `lockenv unlock` to decrypt files with smart conflict resolution.
- Git integration involves ignoring sensitive files in .gitignore and committing only the encrypted .lockenv file.
- Security features include AES-256-GCM encryption, PBKDF2 key derivation, and memory safety practices.
- CI/CD support via environment variables (LOCKENV_PASSWORD) and OS keyring integration for password management.
- Limitations include the handling of large binary files (>100MB) and single-password access control for the entire vault.
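
The password-derived-key scheme summarized above (PBKDF2 feeding AES-256-GCM, one password for the whole vault), as an added Go example that is not lockenv's own code. The `salt || nonce || ciphertext` layout, the 16-byte salt, the iteration count and the names `aead`, `Seal` and `Open` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// aead derives a 32-byte key with PBKDF2-HMAC-SHA256 (one output block is exactly an AES-256 key).
func aead(password, salt []byte) cipher.AEAD {
	const iterations = 100000 // assumed work factor, not lockenv's actual setting
	mac := hmac.New(sha256.New, password)
	mac.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // salt || INT(1), on a copy
	key := mac.Sum(nil)                                      // T starts as U1
	for i, u := 1, key; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil) // U(i+1) = HMAC(password, U(i))
		subtle.XORBytes(key, key, u)
	}
	block, _ := aes.NewCipher(key) // errors impossible: key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal returns salt(16) || nonce(12) || ciphertext+tag (hypothetical layout).
func Seal(password, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, 28) // fresh random salt and nonce for every lock
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return aead(password, hdr[:16]).Seal(hdr, hdr[16:], plaintext, nil), nil
}

// Open fails on a wrong password or any modified byte (GCM tag mismatch).
func Open(password, vault []byte) ([]byte, error) {
	if len(vault) < 28+16 {
		return nil, fmt.Errorf("vault too short: %d bytes", len(vault))
	}
	return aead(password, vault[:16]).Open(nil, vault[16:28], vault[28:], nil)
}

func main() {
	v, _ := Seal([]byte("constructed-pw"), []byte("API_KEY=constructed"))
	fmt.Println(Open([]byte("wrong-pw"), v)) // wrong password: GCM tag check fails
}
```

Because the key comes only from the password and the stored salt, anyone with the committed vault file can guess passwords offline, so password strength and the PBKDF2 work factor are the effective access control.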