Ask HN: I built a local-first encrypted secrets manager – feedback?
I built PushEnv after repeatedly running into the same problems with .env files: secrets getting shared in Slack, committed to Git, going out of sync across machines, and breaking deployments with no clear audit trail or rollback.

PushEnv is a local-first, encrypted workflow for managing environment variables. Secrets are encrypted on the developer’s machine before being stored, and only ciphertext is ever uploaded. There’s no dashboard, no accounts, and no SaaS dependency — just a Git-style push/pull/diff/history flow for .env files.

It also supports type-safe env validation with Zod, zero-file secret injection for CI, and versioned rollbacks.

This is an early version, and I’d really appreciate feedback from people who’ve dealt with secrets management at scale — especially around security assumptions, workflow design, and real-world edge cases.
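
To make the "only ciphertext is ever uploaded" and "zero-file secret injection" claims concrete for review, here is an added sketch of that flow in Node.js. It is not PushEnv's code: the cipher (AES-256-GCM), the KDF (scrypt), the blob layout and every function name are assumptions chosen for illustration.

```javascript
// Added example, not PushEnv's implementation. Cipher, KDF and blob layout are assumptions.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');
const { spawnSync } = require('node:child_process');

// Derive a 256-bit key from a passphrase; the random salt travels inside the blob.
const deriveKey = (passphrase, salt) => scryptSync(passphrase, salt, 32);

// Encrypt .env text on the developer machine.
// Assumed blob layout: salt(16) | iv(12) | tag(16) | ciphertext.
function sealEnv(envText, passphrase) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh nonce per encryption; never reuse with the same key
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(envText, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]);
}

// Decrypt and authenticate; throws if the blob was modified or the passphrase is wrong.
function openEnv(blob, passphrase) {
  if (blob.length < 44) throw new Error('blob too short');
  const salt = blob.subarray(0, 16), iv = blob.subarray(16, 28), tag = blob.subarray(28, 44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv,
    { authTagLength: 16 });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]).toString('utf8');
}

// Minimal KEY=VALUE parser: skips blanks and comments, strips one pair of matching quotes.
function parseEnv(text) {
  const vars = {};
  for (const line of text.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/.exec(line);
    if (m) vars[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return vars;
}

// Zero-file injection: secrets go straight into the child's environment, never to disk.
function runWithSecrets(blob, passphrase, cmd, args) {
  const env = { ...process.env, ...parseEnv(openEnv(blob, passphrase)) };
  return spawnSync(cmd, args, { env, encoding: 'utf8' });
}

// Constructed sample input; the values are placeholders, not real credentials.
const SAMPLE_ENV = '# constructed sample\n' +
  'DATABASE_URL="postgres://app:example@db.internal/app"\nAPI_KEY=not-a-real-key\n';
```

Because GCM authenticates the ciphertext, a blob altered in storage fails in `openEnv` instead of yielding modified variables; the passphrase strength and where the key lives remain the security assumptions to examine.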
