Now that I have your attention (“Don’t you dare version control environment files!!”, “This can’t be safe.”) and before you tear me and my project to shreds, please allow me to take a moment to celebrate something small but meaningful: I’ve finally released a thing. Thank you.

Motivation tl;dr: The existing tools and libraries for versioning and syncing environment files / secrets across team members and CI machines just didn’t cut it for me. So, I set out to create my own solution — one finally checks all my boxes.

So what is places-env?

(I encourage you to check the readme https://github.com/marckrenn/places-env/tree/develop?tab=rea... over on GitHub – it will all make a lot more sense with the corresponding schematic.)

- places-env is a self-contained, completely free open-source (FOSS) alternative to HashiCorp Vault, Infisical, dotenv-vault and sops.

- Leverages a single source of truth (SSOT) places.yaml for deriving multiple environment files.

- Similar to sops, places-env encrypts only the values in places.yaml, resulting in places.enc.yaml, which can be securely checked into git:

  - Congrats, your SSOT is now version-controlled

  - Always synchronized with collaborators

  - Fully in-sync with the rest of your code, branches and tags (try doing that with Infisical & co.)

  - Changes remain 'human-trackable' — even when values are encrypted

  - Contrary to sops, encryption keys can be assigned either per environment or on a per-value basis

- Provides a straightforward setup with no dependency on external services or libraries.

- places watch start (persistently) tracks changes in places.yaml / places.enc.yaml and automatically handles encryption, decryption, keeps .gitignore up-to-date, and auto-updates environment files. So it's essentially set and forget.

If you’re intrigued, please also check out the readme’s FAQ section https://github.com/marckrenn/places-env/tree/develop?tab=rea....

Feedback, criticism, etc. is, of course, very welcome.