HackerTrans
TopNewTrendsCommentsPastAskShowJobs

techalchemist

no profile record

Submissions

Show HN: SecretEnv – Run any process with secrets from all your backends

github.com
5 points·by techalchemist·2 เดือนที่ผ่านมา·8 comments

Show HN: Muxforge Tmux Plugin Manager

muxforge.dev
4 points·by techalchemist·3 เดือนที่ผ่านมา·0 comments

Muxforge – Modern Tmux Plugin Manager

muxforge.dev
2 points·by techalchemist·3 เดือนที่ผ่านมา·3 comments

comments

techalchemist
·2 เดือนที่ผ่านมา·discuss
Best of luck and hope it works out for you.
techalchemist
·2 เดือนที่ผ่านมา·discuss
[dead]
techalchemist
·2 เดือนที่ผ่านมา·discuss
[flagged]
techalchemist
·2 เดือนที่ผ่านมา·discuss
Cool, I checked it out and must say varlock's solid, but it's solving different problem.

Varlock makes .env files smarter (validation, types, editor autocomplete, Next.js/Vite hooks).

SecretEnv gets rid of the .env files entirely. Your project lists what it needs by nickname, the actual secrets live in whatever backends your team already uses. Change backend? One line and every repo picks it up.

Both work with any language.

They could actually compose together, varlock can call secretenv to pull from the backends and validate on the top. :)
techalchemist
·2 เดือนที่ผ่านมา·discuss
Thanks for pointing out varlock. Let me go check it out.
techalchemist
·2 เดือนที่ผ่านมา·discuss
I had evaluated fnox. However you have a dependency of encryption/decryption.

So imagine the use case where you need to roll out a password change to 10 repos or offboard an engineer from the team.

In either case, the touch point now becomes 10 repos which need to be co-ordinated against.

Now imagine doing this at scale, you need to migrate password stores entirely. Not that it happens often, however I have been at start-ups where we moved from one cloud provider to another because we gained better discounts on contracts. The password store migration then would be an effort vs just updating 1 line in registry and it resolves.

Similarly user offboarding is handled by IAM permission as well, as soon as the user access is revoked the secret resolution is gone.

Thank you for bringing up fnox and mise. This was something I had evaluated and even written about in the security threat model. :)

https://github.com/TechAlchemistX/secretenv/blob/main/docs/s...
techalchemist
·2 เดือนที่ผ่านมา·discuss
The current support for backends include

AWS SSM Parameter Store / AWS Secrets Manager / GCP Secrets Manager / Azure Key Vault / Hashicorp Vault / OpenBao / Cyberark Conjur / 1Password / Doppler / Infisical / Keeper / Cloudflare Workers KV / macOS Keychain / Local File
techalchemist
·3 เดือนที่ผ่านมา·discuss
Thank You, I suppose. ^_^
techalchemist
·3 เดือนที่ผ่านมา·discuss
You SSH into your jumpbox, clone your dotfiles, fireup tmux and something is off.

Your status bar is still the default green and vim-tmux-navigator isn't working. You spend a couple minutes before you realize you forgot to clone TPM. o_O

It doesn't happen every time, but it has happened to me one too many times, and even when you do remember, there is no guarantee the plugin versions you get today match what you had last month.

TPM installs plugins, that's it. No Lock file, no version pinning, no reproducibility.

Muxforge is a single Go binary that manages tmux plugins the way you'd expect in 2026. Lock file for reproducibility, one-command migration from TPM, and a managed block in your tmux.conf that keeps plugin declarations clean without touching the rest of your config.

Works with stow and dotfile managers, the lock file is designed to live in version control.

v0.4.0 went up yesterday. MIT licensed. Would love feedback from anyone who's felt this pain.

https://muxforge.dev