Show HN: Keeper – embedded secret store for Go (help me break it)

https://github.com/agberohq/keeper
27•babawere•2h ago
Keeper is an embeddable secret store (Argon2id, XChaCha20-Poly1305 by default). Four security levels, audit chains, crash-safe rotation. Vault is overkill for most use cases. This is for when you get paranoid about env and need encrypted local storage that doesn't suck. No security through obscurity, hence, It's still early, so now's the best time to find weird edge cases, race conditions, memory leaks, crypto misuse, anything that breaks. The README has a full security model breakdown if you want to get adversarial.

Comments

elthor89•1h ago
I have been looking for something like this. I know openbao, hashicorp vault.

But they require to be placed on a separate server, and come with their own infra management.

Is the idea of this project to embed this into your app, instead of relying on .env or an external vault?

n0n•34m ago
Genuine question: what's your threat model?

Vault gives time limited Tokens with Network Boundary. Instead of Keeper, I would just use age:

# write

echo "my secret" | age -r <recipient-pubkey> > secret.age

# read

age -d -i key.txt secret.age

modelorona•33m ago
Name could conflict with Keeper Security
nonameiguess•31m ago
Keeper is already the name of a popular enterprise secrets store: https://docs.keeper.io/en/user-guides/web-vault

I haven't used it, don't advocate for it, and have no opinion on either its viability or your product's viability for any specific use case. Mostly I just think it's a bit confusing to have two separate products in a very similar space with the same name.

tietjens•13m ago
Could I use this to store secrets to hide env vars from agents?
emanuele-em•11m ago
[delayed]
Retr0id•10m ago
Mmmm vibecrypto, my favourite. I don't see anything obviously broken (at a glance) but as a perf improvement, there's little reason to use Argon2id for the "verification hash" step, might as well use sha256 there. There is also no need to use ConstantTimeCompare because the value being compared against is not secret.

The "Crash-safe rotation WAL" feature sounds sketchy and it's what I'd audit closely, if I was auditing closely.

RALaBarge•9m ago
Hey I ran this request through my AI harness (beigeboxoss.com), first with a smaller local model and then validated with Trinity Large via OR. https://github.com/agberohq/keeper/issues/2 -- YMMV but wanted something to do with my coffee, thanks!
Retr0id•5m ago
> The VerifyHMAC() function unconditionally returns true when the HMAC field is empty

This kind of thing is super common in vibecoded crypto, I wonder why it keeps happening.

RALaBarge•3m ago
Not sure, I've seen common things like this pop up a lot too, the same errors being tripped over. I'm not sure if it is a context thing or just a limitation of how the models work presently? For stuff that I'm using myself, I will run these through like the top 10 reasoning models on OR and just see where everything pans out.
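
Added example, not part of the thread and not Keeper's code: the fail-open pattern quoted above ("returns true when the HMAC field is empty") next to a fail-closed check. The `Record` type, its field names, the `tag` helper and the key are assumptions made up for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Record is a hypothetical audit entry; the type and field names are
// assumptions for this example, not Keeper's actual types.
type Record struct {
	Payload []byte
	HMAC    []byte // tag over Payload; empty if missing or stripped
}

// tag computes HMAC-SHA256 over payload.
func tag(key, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(nil)
}

// VerifyFailOpen reproduces the reported pattern: an empty tag is treated
// as "nothing to check", so a record whose tag was removed still verifies.
func VerifyFailOpen(key []byte, r Record) bool {
	if len(r.HMAC) == 0 {
		return true
	}
	return hmac.Equal(r.HMAC, tag(key, r.Payload))
}

// VerifyFailClosed rejects a missing or wrong-length tag before comparing,
// so absence of integrity data is itself a verification failure.
func VerifyFailClosed(key []byte, r Record) bool {
	if len(r.HMAC) != sha256.Size {
		return false
	}
	return hmac.Equal(r.HMAC, tag(key, r.Payload))
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	good := Record{Payload: []byte("rotate key 7")}
	good.HMAC = tag(key, good.Payload)
	stripped := Record{Payload: []byte("modified entry")} // constructed: tag removed

	fmt.Println("fail-open   good/stripped:", VerifyFailOpen(key, good), VerifyFailOpen(key, stripped))
	fmt.Println("fail-closed good/stripped:", VerifyFailClosed(key, good), VerifyFailClosed(key, stripped))
}
```

A regression test for this class of bug asserts that a record with an empty tag is rejected, not just that a correct tag is accepted.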
