Show HN: A local secrets manager with easy backup

16•RaiyanYahya•7mo ago

Comments

CBLT•7mo ago

Skimmed the readme, seems like it's not AEAD? I don't see any reason to use a tool that's not AEAD.

Also, while I get the appeal of just storing it all in a giant JSON, I don't really feel that's the final word in simple storage formats. I'd personally just use SQLite, or some other format I could rsync.

renerick•7mo ago

Text formats have the advantage of better support in version control systems. SOPS does similar thing, it stores encrypted values in yaml/json, and from my experience using this approach with git it is indeed an improvement over, say, Ansible vault, which essentially turns text files into blobs

CBLT•7mo ago

I use pass[0] which uses a flat directory structure and git. It works great! At $dayjob we have json lockfiles committed to git and merges get pretty gnarly. Not as big of a fan of just dropping it all in json. The toml lockfiles are a bit better in git.

[0] https://www.passwordstore.org/

ecb_penguin•7mo ago

> Skimmed the readme, seems like it's not AEAD?

Are you just looking for keywords? That's not how a quality security review should be done.

> I don't see any reason to use a tool that's not AEAD.

Do you have an actual attack? Non AEAD schemes have been used for decades without any attack.

There might be entirely valid complaints against this. Lack of AEAD is not one...

> I don't really feel that's the final word in simple storage formats.

Literally nobody said it was

> I'd personally just use SQLite, or some other format I could rsync.

You can rsync a JSON file just as you can rsync a SQLite file....

CBLT•7mo ago

> You can rsync a JSON file just as you can rsync a SQLite file....

`sqlite-rsync` does a deep comparison and only transmits new rows, without deleting other data. `rsync` on a json file just replaces the file.

w1nt3rmut3•7mo ago

It is using https://cryptography.io/en/latest/hazmat/primitives/symmetri... so no aead. And also using this library as it strongly encourages to use something else. Because of footguns like this.

ctur•7mo ago

It’s fun to build things like this but if you want to nourish a user base you need to fully understand the landscape of similar tools and then explain your differentiating value. This is /particularly/ important for security related tools.

Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.

ecb_penguin•7mo ago

Or you could just build things for fun. Why do we have to care about "nourishing a user base"? Two decades ago we would build software and release it for fun and utility.

> Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.

What a boring proposition for hobby projects.

janfoeh•7mo ago

You are taking the words right out of my mouth.

This Github star hunting—, CV padding—, make-it-big-and-BDFL-yourself—approach to open source that has crept in over the last decade is bewildering and rather unpleasant.

nodesocket•7mo ago

Cool project. Is there a concept of namespaces or tags? Looking to store a group of secrets and then fetch them all with a single call.

RaiyanYahya•7mo ago

thank you. I will be adding namespaces in the next release. Currently testing password rotation and backup to s3

RaiyanYahya•7mo ago

Will be extending this with one more feature which I didnt think about .. the possibility to rotate passwords.

Might also extend it with an API. Not sure. cheers!

mateenah•7mo ago

would be great to have a rotate password feature. good job

RaiyanYahya•7mo ago

maybe push it to pypi as well ?

RIP Postman free tier. Here's an open-source local-first alternative

There is no Alignment Problem

Hid Remapper

Recursive Deductive Verification: A framework for reducing AI hallucinations

Bitcoin tumbles below $70K, heavy losses in cryptocurrencies in last three weeks

Electrobun v1: Build fast, tiny, and cross-platform desktop apps with TypeScript

Why are so many people joining cults? [video]

Apple to Allow ChatGPT, Claude, and Gemini in CarPlay

Startup Idea that stops consumers paying the full price

GitHub Agentic Workflows

Exploring hardware-authenticated file encryption in Python

Show HN: SEO v3 – Zero-dependency, Simple, powerful PHP SEO library

Show HN: Alerio – Turn Webhooks into Critical VoIP Calls (Overrides Silent Mode)

A Comprehensive Benchmark for Document Parsing and Evaluation (2025)

When 20 Watts Beats 20 Megawatts: Rethinking Computer Design

Canadian Province New Brunswick to Quit Using Elon Musk's X

Heterogeneous Processing: A Strategy for Augmenting Moore's Law (2006)

Show HN: Mvvmm – Firecracker-like mini virtual machine monitor in ~2000 LoC

Search anything said on a podcast, speaker-labeled and speaker-tracked

Canada, better the 28th EU member than the 51st US state

Show HN: Team of agent researchers read things I don't have time to and brief me

Show HN: Chaos Agents – Run chaos experiments with Agents

Almostnode – Node.js in the Browser

Mount Fuji cherry blossom festival canceled due to overtourism

Containers, cloud, blockchain, AI – it's all the same old BS, says RH veteran

Gorge (2022)

Like Game-of-Life, but on Growing Graphs, with WASM and WebGL

Show HN: agent-ledger – prevent double side effects when AI agents retry

Gemini responds to request to turn on lights with hallucinated jailbreak prompt

RustCast -open-source Raycast-style launcher written in Rust

RIP Postman free tier. Here's an open-source local-first alternative

There is no Alignment Problem

Hid Remapper

Recursive Deductive Verification: A framework for reducing AI hallucinations

Bitcoin tumbles below $70K, heavy losses in cryptocurrencies in last three weeks

Electrobun v1: Build fast, tiny, and cross-platform desktop apps with TypeScript

Why are so many people joining cults? [video]

Apple to Allow ChatGPT, Claude, and Gemini in CarPlay

Startup Idea that stops consumers paying the full price

GitHub Agentic Workflows

Exploring hardware-authenticated file encryption in Python

Show HN: SEO v3 – Zero-dependency, Simple, powerful PHP SEO library

Show HN: Alerio – Turn Webhooks into Critical VoIP Calls (Overrides Silent Mode)

A Comprehensive Benchmark for Document Parsing and Evaluation (2025)

When 20 Watts Beats 20 Megawatts: Rethinking Computer Design

Canadian Province New Brunswick to Quit Using Elon Musk's X

Heterogeneous Processing: A Strategy for Augmenting Moore's Law (2006)

Show HN: Mvvmm – Firecracker-like mini virtual machine monitor in ~2000 LoC

Search anything said on a podcast, speaker-labeled and speaker-tracked

Canada, better the 28th EU member than the 51st US state

Show HN: Team of agent researchers read things I don't have time to and brief me

Show HN: Chaos Agents – Run chaos experiments with Agents

Almostnode – Node.js in the Browser

Mount Fuji cherry blossom festival canceled due to overtourism

Containers, cloud, blockchain, AI – it's all the same old BS, says RH veteran

Gorge (2022)

Like Game-of-Life, but on Growing Graphs, with WASM and WebGL

Show HN: agent-ledger – prevent double side effects when AI agents retry

Gemini responds to request to turn on lights with hallucinated jailbreak prompt

RustCast -open-source Raycast-style launcher written in Rust

Show HN: A local secrets manager with easy backup

Comments