Show HN: Enseal – Stop pasting secrets into Slack .env sharing from the terminal(github.com)
github.com
Show HN: Enseal – Stop pasting secrets into Slack .env sharing from the terminal
https://github.com/FlerAlex/enseal
1 comments
Nice tool. The core problem you're solving (secrets leaking through comms channels) is real — we've seen teams paste API keys in Slack channels "just this once" and never rotate them.
We approached the same problem from a different angle with KeyEnv (https://keyenv.dev): instead of encrypting the .env transfer, we eliminate .env files entirely. Secrets live in KeyEnv, the CLI injects them at runtime with `keyenv run -- your-command`, and nothing ever touches the filesystem. No file to share, no file to leak.
Your tool still has value for teams that can't migrate away from .env — good building block.
We approached the same problem from a different angle with KeyEnv (https://keyenv.dev): instead of encrypting the .env transfer, we eliminate .env files entirely. Secrets live in KeyEnv, the CLI injects them at runtime with `keyenv run -- your-command`, and nothing ever touches the filesystem. No file to share, no file to leak.
Your tool still has value for teams that can't migrate away from .env — good building block.
# recipient $ enseal receive 7-guitarist-revenge ok: 14 secrets written to .env Zero setup, no accounts, no keys needed for basic use. Channels are single-use and time-limited. The relay never sees plaintext (age encryption + SPAKE2 key exchange). For teams that want more: identity mode with public key encryption, process injection (secrets never touch disk), schema validation, at-rest encryption for git, and a self-hostable relay. Written in Rust. MIT licensed. Available via cargo install, prebuilt binaries, or Docker. Looking for feedback on the UX and security model especially. What would make you actually reach for this instead of the Slack DM?
Detailed documentation here: https://enseal.docsyard.com/