Show HN: Touchenv – store ENV master keys in macOS keychain

Show HN: Touchenv – store ENV master keys in macOS keychain(github.com)

4 points by tillcarlos 62 days ago | 2 comments

Hey HN

I am used to store my secrets in Rails 8 fashion in so-called encrypted credentials, and committed to git.

The problem became: where to store the RAILS_MASTER_KEY securely?

Many people use 1password CLI, which can pull the keys out, but I didn't want to start using 1password.

Touchenv is a quick repo I spun up, which works surprisingly well.

e.g. deploying from localhost:

  - pnpm stagedeploy.  
  - starts touchenv exec .env -- kamal deploy. 
  - Touch Id prompt comes up. I have to confirm it with my fingerprint. 
  - Deploy runs.

My next step is to make a similar thing for my CI, or just use the KWS from AWS. I'll look into that soon.

Any feedback is appreciated.

theozero 61 days ago |

You'll probably like https://varlock.dev (free and open source) Im just about to roll out similar built in secure-enclave encryption with fingerprint unlocking. But integrated into a larger tool that does validation, type generation, secrets protection, and a bunch more cool stuff!

selixe_ 61 days ago |

Neat idea - using the keychain for master key storage is a clean solution for the solo developer case.

If the team sharing and multi-environment side ever becomes a problem, we've been working on something similar at envmaster.dev that might be worth a look.