Show HN: Touchenv – store ENV master keys in macOS keychain
github.com
Hey HN
I am used to storing my secrets in Rails 8 fashion in so-called encrypted credentials, committed to git.
The problem became: where to store the RAILS_MASTER_KEY securely?
Many people use 1Password CLI, which can pull the keys out, but I didn't want to start using 1Password.
Touchenv is a quick repo I spun up, which works surprisingly well.
e.g. deploying from localhost:
- pnpm stagedeploy.
- starts touchenv exec .env -- kamal deploy.
- Touch ID prompt comes up. I have to confirm it with my fingerprint.
- Deploy runs.
My next step is to make a similar thing for my CI, or just use the KWS from AWS. I'll look into that soon.
Any feedback is appreciated.

You'll probably like https://varlock.dev (free and open source)
I'm just about to roll out similar built-in secure-enclave encryption with fingerprint unlocking. But integrated into a larger tool that does validation, type generation, secrets protection, and a bunch more cool stuff!

Neat idea - using the keychain for master key storage is a clean solution for the solo developer case. If the team sharing and multi-environment side ever becomes a problem, we've been working on something similar at envmaster.dev that might be worth a look.