
-
I built Rot to solve this. It creates a git diff-able list of keyrings and secrets that you can inject via environment variables to sub commands, like `rot run mykeyring terraform apply`. You can use Shamir Secret Sharing to create "disaster recovery" access into the keyrings too.
https://rotx.dev
-
infisical
♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI
We use Infisical for both our dev and prod environments. If you're a YC company you can get your first year free.
https://infisical.com
-
Years ago, before going full on Vault, I was using git-crypt, a git plugin that uses gpg to encrypt files before committing them to the repo.
Not sure if it’s still fine, I see their last release is 2 years old nowadays.
https://github.com/AGWA/git-crypt
-
Agreed, SOPS can be great for small teams and requires very little setup. We followed this demo's example when setting it up:
https://github.com/CaseyLabs/kcUtils/tree/main/utils/kcSops
-
I'm currently using direnv + 1password + https://github.com/tmatilai/direnv-1password. `direnv` to load shell environment dynamically upon entering a directory. It can load static .env files, but can also source shell scripts to load envvars.
1password is the company password manager. It has shared 'vaults' where a team can share secrets with one another. They can thus be used for authorization, who can access which secrets.
direnv-1password is a plugin for direnv that will load secrets from 1password into envvars. With this, upon entering a project, you'll be asked to unlock 1password (using yubi or fingerprint scan) and it'll fetch the needed secrets from the project.
This way secrets are not easily readable from your disk, like they would be with .env files.
Other password managers likely have similar tooling for direnv. Though I don't know whether it'll be this convenient.
-
jaeger
Jaeger is a JSON encoded GPG encrypted key value store. It is useful for generating and keeping configuration files secure. Jaeger is written in Go. (by jyap808)
At a former workplace I wrote this tool which was put to use.
It utilizes GPG to store the secrets and Golang templates to support the files.
https://github.com/jyap808/jaeger
-
I use `ess` (env sample sync) to sync my `.env` with `env.sample`: https://github.com/acaloiaro/ess
-
I moved to the `pass` ecosystem years ago and never looked back:
https://www.passwordstore.org/