Simple and easy secrets, perfect for small teams.
- A small, readable, self-contained file for managing and storing secrets.
- Easy to use in both development and CI environments.
- Less than 50 lines of code, and only two dependencies -
bashandopenssl. - Supports encryption of env vars and config files.
There's no easy and straightforward way to store secrets for an app when you're just starting out, with a team of a few engineers. You don't want to pay the cost of integrating with a dedicated system that someone has to maintain.
With dotsecrets, you can store any secret you need in your git repo in encrypted form.
Share a secret key with your team, and use it for all sensitive config values.
Think SOPS-like workflow, but in one file that you commit to the repo, and use across dev and CI environments with no additional setup.
curl -f -o .secrets https://raw.githubusercontent.com/kamilchm/dotsecrets/main/dotsecretsAnd add it to your repo:
git add .secretsSet the SECRET_KEY environment variable and start using it.
bash .secrets VAR_NAME "VALUE" >> .secretsbash .secrets FILENAME >> .secretsexport `bash .secrets`Open .secrets with your favourite editor. Find the line with the variable or file name and delete it.
Remove the old value, and add the new one.
Add your SECRET_KEY to GitHub Actions Secrets.
Use the SECRET_KEY to decrypt secrets in a job:
- name: Job
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
run: |
export `bash .secrets` # decrypt secrets before running a command
./run_job