Show HN: Keeper – embedded secret store for Go (help me break it)

https://github.com/agberohq/keeper
27•babawere•3h ago
Keeper is an embeddable secret store (Argon2id, XChaCha20-Poly1305 by default). Four security levels, audit chains, crash-safe rotation. Vault is overkill for most use cases. This is for when you get paranoid about env and need encrypted local storage that doesn't suck. No security through obscurity, hence, it's still early, so now's the best time to find weird edge cases, race conditions, memory leaks, crypto misuse, anything that breaks. The README has a full security model breakdown if you want to get adversarial.

Comments

elthor89•1h ago
I have been looking for something like this. I know openbao, hashicorp vault.

But they require to be placed on a separate server, and come with their own infra management.

Is the idea of this project to embed this into your app, instead of relying on .env or an external vault?

n0n•44m ago
Genuine question: what's your threat model?

Vault gives time limited Tokens with Network Boundary. Instead of Keeper, I would just use age:

    # write
    echo "my secret" | age -r <recipient-pubkey> > secret.age

    # read
    age -d -i key.txt secret.age

modelorona•43m ago
Name could conflict with Keeper Security

nonameiguess•41m ago
Keeper is already the name of a popular enterprise secrets store: https://docs.keeper.io/en/user-guides/web-vault

I haven't used it, don't advocate for it, and have no opinion on either its viability or your product's viability for any specific use case. Mostly I just think it's a bit confusing to have two separate products in a very similar space with the same name.

tietjens•23m ago
Could I use this to store secrets to hide env vars from agents?

emanuele-em•21m ago
Per-bucket DEKs with HKDF, hashed policy keys to kill enumeration, HMAC audit chain. This is the kind of boring-correct crypto design I rarely see in Go libraries. memguard for the master key is a nice touch too.

Retr0id•20m ago
Mmmm vibecrypto, my favourite. I don't see anything obviously broken (at a glance) but as a perf improvement, there's little reason to use Argon2id for the "verification hash" step, might as well use sha256 there. There is also no need to use ConstantTimeCompare because the value being compared against is not secret, although it doesn't hurt.

The "Crash-safe rotation WAL" feature sounds sketchy and it's what I'd audit closely, if I was auditing closely.

RALaBarge•18m ago
Hey I ran this request through my AI harness (beigeboxoss.com), first with a smaller local model and then validated with Trinity Large via OR. https://github.com/agberohq/keeper/issues/2 -- YMMV but wanted something to do with my coffee, thanks!

Retr0id•14m ago
> The VerifyHMAC() function unconditionally returns true when the HMAC field is empty

This kind of thing is super common in vibecoded crypto, I wonder why it keeps happening.

RALaBarge•13m ago
Not sure, I've seen common things like this pop up a lot too, the same errors being tripped over. I'm not sure if it is a context thing or just a limitation of how the models work presently? For stuff that I'm using myself, I will run these through like the top 10 reasoning models on OR and just see where everything pans out.

Edit: here is an example of the process and output with something I put together the other day: https://github.com/RALaBarge/garlicpress/blob/master/portfol...
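
The fail-open pattern quoted in the thread (an empty HMAC field treated as valid), shown next to a fail-closed check over an HMAC-linked audit chain. This is an added example, not Keeper's code and not written by any commenter; the type and function names (Entry, Append, verifyLenient, verifyStrict, VerifyChain) and the sample events are constructed for illustration.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Entry is a hypothetical audit record: MAC = HMAC(key, previous MAC || Event).
type Entry struct {
	Event string
	MAC   []byte
}
func mac(key, prev []byte, event string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(append(append([]byte{}, prev...), event...))
	return h.Sum(nil)
}
// Append links event to the chain tail; the first entry links to an all-zero MAC.
func Append(key []byte, chain []Entry, event string) []Entry {
	prev := make([]byte, sha256.Size)
	if n := len(chain); n > 0 {
		prev = chain[n-1].MAC
	}
	return append(chain, Entry{Event: event, MAC: mac(key, prev, event)})
}
// verifyLenient models the reported pattern: an empty MAC counts as valid (fail-open).
func verifyLenient(key, prev []byte, e Entry) bool {
	return len(e.MAC) == 0 || hmac.Equal(e.MAC, mac(key, prev, e.Event))
}
// verifyStrict fails closed: a missing or wrong-length MAC is a verification failure.
func verifyStrict(key, prev []byte, e Entry) bool {
	return len(e.MAC) == sha256.Size && hmac.Equal(e.MAC, mac(key, prev, e.Event))
}
// VerifyChain returns the index of the first entry that fails check, or -1.
func VerifyChain(key []byte, chain []Entry, check func(k, p []byte, e Entry) bool) int {
	prev := make([]byte, sha256.Size)
	for i, e := range chain {
		if !check(key, prev, e) {
			return i
		}
		prev = e.MAC
	}
	return -1
}
func main() {
	key := []byte("constructed-demo-key") // constructed sample key and events
	chain := Append(key, Append(key, nil, "unlock bucket=a"), "read key=db_pass")
	chain[1] = Entry{Event: "read key=other"} // rewritten record with its MAC removed
	fmt.Println(VerifyChain(key, chain, verifyLenient), VerifyChain(key, chain, verifyStrict))
}
```

The lenient check accepts the rewritten record because it carries no MAC at all, while the strict check reports index 1 as the first bad entry.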
