Ask HN: 我开发了一个本地优先的加密密码管理器——求反馈?
1 分•作者: shahnoor•6 个月前
我构建 PushEnv 是因为我反复遇到 .env 文件带来的相同问题:密钥在 Slack 中被共享、提交到 Git、在不同机器上不同步,以及部署中断,却没有清晰的审计追踪或回滚机制。
PushEnv 是一个本地优先、加密的工作流程,用于管理环境变量。密钥在开发者机器上加密后才被存储,并且只上传密文。它没有仪表盘、没有账户,也没有 SaaS 依赖—— 仅仅是一个 Git 风格的 push/pull/diff/history 流程,用于 .env 文件。
它还支持使用 Zod 进行类型安全的 env 验证,为 CI 提供零文件密钥注入,以及版本化的回滚功能。
这是一个早期版本,我非常欢迎那些处理过大规模密钥管理的人的反馈——尤其是在安全假设、工作流程设计和实际的边缘情况方面。
查看原文
I built PushEnv after repeatedly running into the same problems with .env files: secrets getting shared in Slack, committed to Git, going out of sync across machines, and breaking deployments with no clear audit trail or rollback.<p>PushEnv is a local-first, encrypted workflow for managing environment variables. Secrets are encrypted on the developer’s machine before being stored, and only ciphertext is ever uploaded. There’s no dashboard, no accounts, and no SaaS dependency — just a Git-style push/pull/diff/history flow for .env files.<p>It also supports type-safe env validation with Zod, zero-file secret injection for CI, and versioned rollbacks.<p>This is an early version, and I’d really appreciate feedback from people who’ve dealt with secrets management at scale — especially around security assumptions, workflow design, and real-world edge cases.