Show HN: Touchenv – store ENV master keys in macOS keychain

4 points

by tillcarlos

4 days ago

2 comments

story

Hey HN

I am used to store my secrets in Rails 8 fashion in so-called encrypted credentials, and committed to git.

The problem became: where to store the RAILS_MASTER_KEY securely?

Many people use 1password CLI, which can pull the keys out, but I didn't want to start using 1password.

Touchenv is a quick repo I spun up, which works surprisingly well.

e.g. deploying from localhost:

  - pnpm stagedeploy.  
  - starts touchenv exec .env -- kamal deploy. 
  - Touch Id prompt comes up. I have to confirm it with my fingerprint. 
  - Deploy runs.

My next step is to make a similar thing for my CI, or just use the KWS from AWS. I'll look into that soon.

Any feedback is appreciated.