Show HN: A local secrets manager with easy backup

16•RaiyanYahya•3d ago

Comments

CBLT•10h ago

Skimmed the readme, seems like it's not AEAD? I don't see any reason to use a tool that's not AEAD.

Also, while I get the appeal of just storing it all in a giant JSON, I don't really feel that's the final word in simple storage formats. I'd personally just use SQLite, or some other format I could rsync.

renerick•10h ago

Text formats have the advantage of better support in version control systems. SOPS does similar thing, it stores encrypted values in yaml/json, and from my experience using this approach with git it is indeed an improvement over, say, Ansible vault, which essentially turns text files into blobs

CBLT•9h ago

I use pass[0] which uses a flat directory structure and git. It works great! At $dayjob we have json lockfiles committed to git and merges get pretty gnarly. Not as big of a fan of just dropping it all in json. The toml lockfiles are a bit better in git.

[0] https://www.passwordstore.org/

ecb_penguin•9h ago

> Skimmed the readme, seems like it's not AEAD?

Are you just looking for keywords? That's not how a quality security review should be done.

> I don't see any reason to use a tool that's not AEAD.

Do you have an actual attack? Non AEAD schemes have been used for decades without any attack.

There might be entirely valid complaints against this. Lack of AEAD is not one...

> I don't really feel that's the final word in simple storage formats.

Literally nobody said it was

> I'd personally just use SQLite, or some other format I could rsync.

You can rsync a JSON file just as you can rsync a SQLite file....

CBLT•9h ago

> You can rsync a JSON file just as you can rsync a SQLite file....

`sqlite-rsync` does a deep comparison and only transmits new rows, without deleting other data. `rsync` on a json file just replaces the file.

w1nt3rmut3•7h ago

It is using https://cryptography.io/en/latest/hazmat/primitives/symmetri... so no aead. And also using this library as it strongly encourages to use something else. Because of footguns like this.

ctur•10h ago

It’s fun to build things like this but if you want to nourish a user base you need to fully understand the landscape of similar tools and then explain your differentiating value. This is /particularly/ important for security related tools.

Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.

ecb_penguin•9h ago

Or you could just build things for fun. Why do we have to care about "nourishing a user base"? Two decades ago we would build software and release it for fun and utility.

> Specifically you should compare and contrast to tools like SOPS, Ansible Vault, pass, etc.

What a boring proposition for hobby projects.

janfoeh•7h ago

You are taking the words right out of my mouth.

This Github star hunting—, CV padding—, make-it-big-and-BDFL-yourself—approach to open source that has crept in over the last decade is bewildering and rather unpleasant.

nodesocket•8h ago

Cool project. Is there a concept of namespaces or tags? Looking to store a group of secrets and then fetch them all with a single call.

RaiyanYahya•4h ago

thank you. I will be adding namespaces in the next release. Currently testing password rotation and backup to s3

RaiyanYahya•6h ago

Will be extending this with one more feature which I didnt think about .. the possibility to rotate passwords.

Might also extend it with an API. Not sure. cheers!

mateenah•5h ago

would be great to have a rotate password feature. good job

RaiyanYahya•5h ago

maybe push it to pypi as well ?

Don’t use “click here” as link text (2001)

How large are large language models?

Hack IKKO "AI powered" earbuds to run DOOM, stole OpenAI API key, customer data

Huawei releases an open weight model trained on Huawei Ascend GPUs

Hexagon fuzz: Full-system emulated fuzzing of Qualcomm basebands

Cloudflare Introduces Default Blocking of A.I. Data Scrapers

The Fed says this is a cube of $1M. They're off by half a million

The first American 'scientific refugees' arrive in France

A proof-of-concept neural brain implant providing speech

Recurse Center (YC S10) Is Hiring a Career Facilitator

Figma files for proposed IPO

Fakespot shuts down today after 9 years of detecting fake product reviews

Performance Debugging with LLVM-mca: Simulating the CPU

Tesla reports 14% decline in deliveries, marking second year-over-year drop

Hilbert's sixth problem: derivation of fluid equations via Boltzmann's theory

Chatbot Flow Editor – Visual tool for designing conversation flows

They tried Made in the USA – it was too expensive for their customers

Sam Altman Slams Meta’s AI Talent Poaching: 'Missionaries Will Beat Mercenaries'

Why Do Swallows Fly to the Korean DMZ?

Jack Welch, the Man Who Broke Capitalism (2022)

The Titanic’s Best Lifeboat

Code-GUI bidirectional editing via LSP

Soldier’s wrist purse discovered at Roman legionary camp

Show HN: Spegel, a Terminal Browser That Uses LLMs to Rewrite Webpages

Ask HN: Who is hiring? (July 2025)

Feasibility study of a mission to Sedna – Nuclear propulsion and solar sailing

HN Slop: AI startup ideas generated from Hacker News

More assorted notes on Liquid Glass

The Roman Roads Research Association

Show HN: I made a 2D game engine in Dart