Cryptographic systems are mostly designed for machines, not humans. We end up staring at long strings. I wanted to experiment with how to better visualize them - in a more human way. The result is KEYSEE⎔. Try it out and hope you enjoy! There is also a whitepaper that goes into more details (under the /api section).
> If you did 'dotenvx run -- env', all your secrets would be printed right there in plaintext
Same for sops.
> The equivalent in vercel would be encrypted in the database (the encrypted '.env' file), with a decryption key in the backend
The encrypted .env file is actually committed to source code, and the decryption key is placed in Vercel's environment variables dashboard. The attacker only gained access to the latter here if using dotenvx so they can't get your secrets. Unless they also gained access to the codebase in which they have terabytes of data to go through and match up private keys from the database with encrypted .env files from the source code exfiltration - much more effort for attackers.
There is no silver bullet, but Dotenvx splits your secrets into two separate locations.
1. The private decryption key - which lives on Vercel in this example
2. The encrypted .env file which lives in your source code pushed to Vercel
Attackers only got access to the first (as far as I know was reported). So your secrets would be safe in this attack if using Dotenvx. (A private key is useless without its corresponding encrypted .env file. Attackers need both.)
I wish there was a standardized or common methodology for classifying notifications. App developers could adopt this and consumers could take the pattern with them across all types of interfaces - desktop, smartphone, speakers, tv. Maybe someone knows if any government entity or force has a methodology for this?
That's a novel thought. I imagine then the native mail apps would expand in settings in order to block some bad senders from abusing that email header.
Tangentially related, iOS mail app has a VIP setting.