frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Show HN: Liberty – Hardware-bound secret manager (no more .env files)

4•deciphergit•1d ago
I got tired of: - .env files committed to Git (seen it happen 100+ times) - API keys shared in Slack - Wondering who has access to what secrets

So I built Liberty - a CLI tool that replaces .env files with hardware-bound encryption.

How it works:

  $ pip install liberty-secrets
  $ liberty add DATABASE_URL postgresql://...
  $ liberty add STRIPE_KEY sk-...
  $ liberty exec npm start
Secrets are encrypted with a key derived from your machine's hardware (CPU ID + machine ID + disk serial). If someone steals your .liberty vault file, it's useless on their machine.

Features:

  - Hardware-bound AES-256-GCM encryption
  - Complete audit trail (compliance-ready)
  - Works offline (no servers, no accounts)
  - Global vault (~/.liberty/ works from any directory)
  - MIT licensed, free for individual use
GitLab: https://gitlab.com/deciphergit/liberty

PyPI: https://pypi.org/project/liberty-secrets/

Team features (secret sharing) coming soon as paid tier.

Feedback welcome!

Comments

nosuchthing•1h ago
Anyone who uses this risks being locked out forever because the "key" will be destroyed if they upgrade their computer or suffer hardware failures.
hackingonempty•1h ago
How much entropy is in cpu id, machine id and disk serial? You might as well just generate an appropriate length random key and store it in the config dir.

Better would be to use the OS secret storage API to store the secrets. Maybe put the context name they are stored under in the .liberty file.

The URL shortener that makes your links look as suspicious as possible

https://creepylink.com/
176•dreadsword•3h ago•33 comments

Claude Cowork exfiltrates files

https://www.promptarmor.com/resources/claude-cowork-exfiltrates-files
581•takira•10h ago•245 comments

Furiosa: 3.5x efficiency over H100s

https://furiosa.ai/blog/introducing-rngd-server-efficient-ai-inference-at-data-center-scale
130•written-beyond•5h ago•67 comments

Show HN: Sparrow-1 – Audio-native model for human-level turn-taking without ASR

https://www.tavus.io/post/sparrow-1-human-level-conversational-timing-in-real-time-voice
37•code_brian•12h ago•8 comments

Ask HN: What did you find out or explore today?

49•blahaj•12h ago•36 comments

Scaling long-running autonomous coding

https://cursor.com/blog/scaling-agents
168•samwillis•8h ago•81 comments

Ask HN: Share your personal website

521•susam•13h ago•1511 comments

New Safari developer tools provide insight into CSS Grid Lanes

https://webkit.org/blog/17746/new-safari-developer-tools-provide-insight-into-css-grid-lanes/
20•feross•5h ago•4 comments

Project SkyWatch (a.k.a. Wescam at Home)

https://ianservin.com/2026/01/13/project-skywatch-aka-wescam-at-home/
12•jjwiseman•13h ago•3 comments

Ask HN: How are you doing RAG locally?

69•tmaly•15h ago•21 comments

The State of OpenSSL for pyca/cryptography

https://cryptography.io/en/latest/statements/state-of-openssl/
117•SGran•8h ago•19 comments

Bubblewrap: A nimble way to prevent agents from accessing your .env files

https://patrickmccanna.net/a-better-way-to-limit-claude-code-and-other-coding-agents-access-to-se...
59•0o_MrPatrick_o0•4h ago•49 comments

Why some clothes shrink in the wash and how to unshrink them

https://www.swinburne.edu.au/news/2025/08/why-some-clothes-shrink-in-the-wash-and-how-to-unshrink...
486•OptionOfT•4d ago•252 comments

Ask HN: Weird archive.today behavior?

71•rabinovich•8h ago•18 comments

Show HN: Ever wanted to look at yourself in Braille?

https://github.com/NishantJoshi00/dith
20•cat-whisperer•5d ago•10 comments

Ask HN: What is the best way to provide continuous context to models?

33•nemath•5h ago•15 comments

Show HN: WebTiles – create a tiny 250x250 website with neighbors around you

https://webtiles.kicya.net/
152•dimden•5d ago•23 comments

Show HN: Webctl – Browser automation for agents based on CLI instead of MCP

https://github.com/cosinusalpha/webctl
79•cosinusalpha•15h ago•26 comments

SparkFun Officially Dropping AdaFruit due to CoC Violation

https://www.sparkfun.com/official-response
430•yaleman•15h ago•431 comments

Handy – free open source speech-to-text app

https://github.com/cjpais/Handy
3•tin7in•1h ago•0 comments

Sun Position Calculator

https://drajmarsh.bitbucket.io/earthsun.html
90•sanbor•9h ago•19 comments

Find a pub that needs you

https://www.ismypubfucked.com/
250•thinkingemote•14h ago•197 comments

ChromaDB Explorer

https://www.chroma-explorer.com/
48•arsentjev•8h ago•3 comments

Generate QR Codes with Pure SQL in PostgreSQL

https://tanelpoder.com/posts/generate-qr-code-with-pure-sql-in-postgres/
69•tanelpoder•4d ago•6 comments

Crafting Interpreters

https://craftinginterpreters.com/
60•tosh•8h ago•8 comments

How can I build a simple pulse generator to demonstrate transmission lines

https://electronics.stackexchange.com/questions/764155/how-can-i-build-a-simple-pulse-generator-t...
30•alphabetter•5d ago•7 comments

Roam 50GB is now Roam 100GB

https://starlink.com/support/article/58c9c8b7-474e-246f-7e3c-06db3221d34d
268•bahmboo•14h ago•315 comments

Is Rust faster than C?

https://steveklabnik.com/writing/is-rust-faster-than-c/
253•vincentchau•4d ago•283 comments

Ford F-150 Lightning outsold the Cybertruck and was then canceled for poor sales

https://electrek.co/2026/01/13/ford-f150-lightning-outsold-tesla-cybertruck-canceled-not-selling-...
551•MBCook•13h ago•720 comments

Rubik's Cube in Prolog – Order

https://medium.com/@kenichisasagawa/i-am-preparing-material-for-a-prolog-book-af7580acfee7
29•myth_drannon•4d ago•8 comments