Show HN: kiln – Git-native, age-encrypted secrets for dev workflows

https://kiln.sh/

4•pacmansyyu•6h ago

Hi HN, I've been building this tool for the past couple of weeks to solve a problem that seems universal across development teams.

Every team handles secrets badly. Secrets and passwords get shared in Slack, `.env` files sit in plaintext, or you depend on external secret management services that can fail during critical deployments, or even depend on other people to deploy things for you!

I believe your environment secrets should neither depend on external services or people, nor be shared in plaintext.

kiln is a command-line tool for managing encrypted environment variables. It lets you encrypt secrets into files that can be safely committed to version control, with role-based access control so team members can only decrypt the environments they're authorized for.

What kiln does:

- Encrypts environment variables using age encryption with SSH and age keys

- Role-based access control - each file can have different access levels

- Commit encrypted files safely to git with clean diffs

- Run applications or render config templates with automatic secret injection

- Works completely offline - no external dependencies

Instead of depending on external services, your secrets travel with your code and work everywhere. You define team access in a config file, encrypt your secrets, and everything just works.

Built as a single Go binary that uses your existing SSH keys or generates new age keys.

Try it out and let me know what breaks or what's missing. I'd love to hear how this fits into your team's workflows and what could make it better.

GitHub: https://github.com/thunderbottom/kiln

Docs: https://kiln.sh

Comments

coding_coffee•6h ago

This looks amazing. A solid solution to a pain point I've dealt with on multiple teams where secrets management always turns into a mess, especially in distributed setups without universal access to vaults or services. Love the offline-first approach and integration with existing SSH keys. It feels like a natural extension of Git workflows without adding bloat.

Full disclosure: I know the OP personally from some past collaborations, but that doesn't change how genuinely impressed I am with this tool.

Ohio Man Loses Nearly Half a Million Dollars in Cryptocurrency Investment Scam

One simple trick to make your screenshots 80% smaller

AI Tricks to Get More Customers from ChatGPT [video]

Methodological Flaws Undermining Recent AI 'Scheming' Claims

How do you stop an AI model turning Nazi? What Grok drama reveals on AI training

Can't work out without music? Neither could the ancient Greeks and Romans

We should be in a golden age for sleep

Experimental demonstration of logical magic state distillation

Design Patterns for AI Interfaces

Show HN: Open-Source Quarter Sized AI Voice Assistant (ESP32-Pipecat)

Lessons from a Chimp: AI "Scheming" and the Quest for Ape Language

Andrew C. West 魏安 1960–2025

EU calls in X to talk Grok after antisemitic outbursts

Topical Authority: A Guide to SEO in the Age of AI (GEO)

Humans Are Starting to Talk More Like ChatGPT, Study Claims

Inequality, decay of democratic institutions linked to accelerated ageing

Don't publish your podcast only on Spotify

Eurostack could offer Canada a route to digital independence from the US

Development of Safety Domain Ontology Knowledge Base for Fall Accidents

Musk Has Money and XAI Wants Some

We Care a Lot

Hiring UI/UX Visionary

Cognition AI Buys Windsurf as A.I. Frenzy Escalates

Thoughts on Building with AI

A Quantum Correspondence

Cidco MailStation as a Z80 Development Platform (2019)

Why Gov. Greg Abbott Won't Release His Emails with Elon Musk

Photos: The Scale of China's Solar-Power Projects

Cognition's Acquisition of Windsurf

You can now connect a directory of apps and tools to Claude with one click