Show HN: Liberty – 硬件绑定密钥管理器(告别 .env 文件)
3 分•作者: deciphergit•6 个月前
我厌倦了:
- .env 文件被提交到 Git (这种情况见过 100 多次)
- API 密钥在 Slack 中共享
- 疑惑谁有权访问什么机密信息
所以我构建了 Liberty - 一个 CLI 工具,用硬件绑定的加密来替换 .env 文件。
工作原理:
```
$ pip install liberty-secrets
$ liberty add DATABASE_URL postgresql://...
$ liberty add STRIPE_KEY sk-...
$ liberty exec npm start
```
机密信息使用从您机器的硬件(CPU ID + 机器 ID + 磁盘序列号)派生的密钥进行加密。如果有人窃取了您的 .liberty 库文件,它在他们的机器上将毫无用处。
功能:
```
- 硬件绑定的 AES-256-GCM 加密
- 完整的审计跟踪(符合合规性要求)
- 离线工作(无需服务器,无需账户)
- 全局库 (~/.liberty/ 可以在任何目录下使用)
- MIT 许可,个人使用免费
```
GitLab: [https://gitlab.com/deciphergit/liberty](https://gitlab.com/deciphergit/liberty)
PyPI: [https://pypi.org/project/liberty-secrets/](https://pypi.org/project/liberty-secrets/)
团队功能(秘密共享)即将推出,作为付费层级。
欢迎反馈!
查看原文
I got tired of:
- .env files committed to Git (seen it happen 100+ times)
- API keys shared in Slack
- Wondering who has access to what secrets<p>So I built Liberty - a CLI tool that replaces .env files with hardware-bound encryption.<p>How it works:<p><pre><code> $ pip install liberty-secrets
$ liberty add DATABASE_URL postgresql://...
$ liberty add STRIPE_KEY sk-...
$ liberty exec npm start
</code></pre>
Secrets are encrypted with a key derived from your machine's hardware (CPU ID
+ machine ID + disk serial). If someone steals your .liberty vault file, it's useless on their machine.<p>Features:<p><pre><code> - Hardware-bound AES-256-GCM encryption
- Complete audit trail (compliance-ready)
- Works offline (no servers, no accounts)
- Global vault (~/.liberty/ works from any directory)
- MIT licensed, free for individual use
</code></pre>
GitLab: <a href="https://gitlab.com/deciphergit/liberty" rel="nofollow">https://gitlab.com/deciphergit/liberty</a><p>PyPI: <a href="https://pypi.org/project/liberty-secrets/" rel="nofollow">https://pypi.org/project/liberty-secrets/</a><p>Team features (secret sharing) coming soon as paid tier.<p>Feedback welcome!