Show HN: CloudEnv – Simple E2E encrypted hosted environmental variables
cloudenv.comHi all; I created an secret management service called CloudEnv (https://cloudenv.com).
There is already Doppler, EnvKey, Vault and a few others, but I wanted something that was:
- End-to-End encrypted, I don't want my secrets hosted in plain text
- Super easy and quick to setup
- CLI friendly, I'm plenty happy using vim
- I didn't want to use any crazy desktop GUIs to edit my vars
Nothing satisfied all these requirements for me. Vault was too heavy. Doppler was not e2e encrypted. EnvKey had a crazy desktop GUI.
I wanted something just right for small teams.
So I made https://CloudEnv.com
Would love your thoughts. Thank you!
Congrats on the launch! Looks interesting.
I found some of your comments a bit strange though... are you suggesting that any of those other tools host your secrets in plain text? I never used EnvKey, but what's crazy about their desktop GUI?
I'm obviously biased, but for our own use, I created a small open-source wrapper called envwarden[0] that uses Bitwarden to manage our server secrets. I trust Bitwarden already with plenty sensitive stuff and I'm sure it's not stored in plaintext anywhere. The GUIs aren't crazy but rather simple. They have browser add-ons, mobile apps, desktop apps, plus CLI that envwarden interfaces with...
Not affiliated with Bitwarden in any way. Just happy customers and also happy to create a simple way to manage your server secrets with it.
Great questions! Thank you!
Doppler does not do End-to-End encryption, so their service has plain text access to your secrets.
What's crazy about a desktop GUI to manage secrets to me is that it's overkill when doing vim with the equivalent of a .env file is perfectly adequate for many use cases.
Envwarden is great, but with CloudEnv you can do access control via IP addresses, you can grant new IP address access via email approval, you can grant read-only access to some IP addresses... so you get a lot of flexibility over who and when the access to your secrets is given. In addition, there is an auditable access log that keeps track of when and where every access attempt was made.