Show HN: Places-env, secure version control of environment files

Now that I have your attention (“Don’t you dare version control environment files!!”, “This can’t be safe.”) and before you tear me and my project to shreds, please allow me to take a moment to celebrate something small but meaningful: I’ve finally released a thing. Thank you.<p><i>Motivation tl;dr:</i> The existing tools and libraries for versioning and syncing environment files &#x2F; secrets across team members and CI machines just didn’t cut it for me. So, I set out to create my own solution — one finally checks all my boxes.<p><i>So what is places-env?</i><p>(I encourage you to check the readme <a href="https:&#x2F;&#x2F;github.com&#x2F;marckrenn&#x2F;places-env&#x2F;tree&#x2F;develop?tab=readme-ov-file#motivation--the-heck-is-places-env">https:&#x2F;&#x2F;github.com&#x2F;marckrenn&#x2F;places-env&#x2F;tree&#x2F;develop?tab=rea...</a> over on GitHub – it will all make a lot more sense with the corresponding schematic.)<p>- places-env is a self-contained, completely free open-source (FOSS) alternative to HashiCorp Vault, Infisical, dotenv-vault and sops.<p>- Leverages a single source of truth (SSOT) places.yaml for deriving multiple environment files.<p>- Similar to sops, places-env encrypts only the values in places.yaml, resulting in places.enc.yaml, which can be securely checked into git:<p><pre><code> - Congrats, your SSOT is now version-controlled - Always synchronized with collaborators - Fully in-sync with the rest of your code, branches and tags (try doing that with Infisical &amp; co.) - Changes remain &#x27;human-trackable&#x27; — even when values are encrypted - Contrary to sops, encryption keys can be assigned either per environment or on a per-value basis </code></pre> - Provides a straightforward setup with no dependency on external services or libraries.<p>- places watch start (persistently) tracks changes in places.yaml &#x2F; places.enc.yaml and automatically handles encryption, decryption, keeps .gitignore up-to-date, and auto-updates environment files. So it&#x27;s essentially set and forget.<p>If you’re intrigued, please also check out the readme’s FAQ section <a href="https:&#x2F;&#x2F;github.com&#x2F;marckrenn&#x2F;places-env&#x2F;tree&#x2F;develop?tab=readme-ov-file#faq">https:&#x2F;&#x2F;github.com&#x2F;marckrenn&#x2F;places-env&#x2F;tree&#x2F;develop?tab=rea...</a>.<p>Feedback, criticism, etc. is, of course, very welcome.