Show HN: Liberty – 硬件绑定密钥管理器(告别 .env 文件)

3作者: deciphergit6 个月前
我厌倦了: - .env 文件被提交到 Git (这种情况见过 100 多次) - API 密钥在 Slack 中共享 - 疑惑谁有权访问什么机密信息 所以我构建了 Liberty - 一个 CLI 工具,用硬件绑定的加密来替换 .env 文件。 工作原理: ``` $ pip install liberty-secrets $ liberty add DATABASE_URL postgresql://... $ liberty add STRIPE_KEY sk-... $ liberty exec npm start ``` 机密信息使用从您机器的硬件(CPU ID + 机器 ID + 磁盘序列号)派生的密钥进行加密。如果有人窃取了您的 .liberty 库文件,它在他们的机器上将毫无用处。 功能: ``` - 硬件绑定的 AES-256-GCM 加密 - 完整的审计跟踪(符合合规性要求) - 离线工作(无需服务器,无需账户) - 全局库 (~/.liberty/ 可以在任何目录下使用) - MIT 许可,个人使用免费 ``` GitLab: [https://gitlab.com/deciphergit/liberty](https://gitlab.com/deciphergit/liberty) PyPI: [https://pypi.org/project/liberty-secrets/](https://pypi.org/project/liberty-secrets/) 团队功能(秘密共享)即将推出,作为付费层级。 欢迎反馈!
查看原文
I got tired of: - .env files committed to Git (seen it happen 100+ times) - API keys shared in Slack - Wondering who has access to what secrets<p>So I built Liberty - a CLI tool that replaces .env files with hardware-bound encryption.<p>How it works:<p><pre><code> $ pip install liberty-secrets $ liberty add DATABASE_URL postgresql:&#x2F;&#x2F;... $ liberty add STRIPE_KEY sk-... $ liberty exec npm start </code></pre> Secrets are encrypted with a key derived from your machine&#x27;s hardware (CPU ID + machine ID + disk serial). If someone steals your .liberty vault file, it&#x27;s useless on their machine.<p>Features:<p><pre><code> - Hardware-bound AES-256-GCM encryption - Complete audit trail (compliance-ready) - Works offline (no servers, no accounts) - Global vault (~&#x2F;.liberty&#x2F; works from any directory) - MIT licensed, free for individual use </code></pre> GitLab: <a href="https:&#x2F;&#x2F;gitlab.com&#x2F;deciphergit&#x2F;liberty" rel="nofollow">https:&#x2F;&#x2F;gitlab.com&#x2F;deciphergit&#x2F;liberty</a><p>PyPI: <a href="https:&#x2F;&#x2F;pypi.org&#x2F;project&#x2F;liberty-secrets&#x2F;" rel="nofollow">https:&#x2F;&#x2F;pypi.org&#x2F;project&#x2F;liberty-secrets&#x2F;</a><p>Team features (secret sharing) coming soon as paid tier.<p>Feedback welcome!