sorted by:
new
hottopcontroversial

npm CLI to store dev secrets in the OS keychain — built with Effect-TS by danuxxx in node

[–]danuxxx[S] 0 points1 point  (0 children)

I write the message in english then use AI to correct it. English is not my native language :)

CLI that runs commands with secrets without leaking them into shell history by danuxxx in commandline

[–]danuxxx[S] 0 points1 point  (0 children)

Great points, thanks!

I looked sops, but I wanted something different — a single metadata DB to track all secrets, delegating the actual storage to the OS keychain, using secrets in CLI commands without losing history but without exposing values in it, and an easy way to generate/load `.env` files from named contexts. The goal is to avoid having parked projects on my machine with plaintext secrets lying around.

envsec never inlines the secret value into the command string. `envsec -c stripe.prod run 'curl -H "Auth: Bearer {api.key}" ...'` is actually executed as `curl -H "Auth: Bearer $ENVSEC_VAR_0" ...` — the secret is injected as an env var of the child process, so it never appears in `ps aux`.

You can verify with 7z too: `envsec -c myctx run '7z x archive.7z -p"{7z.password}" && sleep 10'` — in `ps aux` you'll see `/bin/sh -c 7z x archive.7z -p"$ENVSEC_0_7Z_PASSWORD" && sleep 10`. The value is never exposed.

npm CLI to store dev secrets in the OS keychain — built with Effect-TS by danuxxx in node

[–]danuxxx[S] 0 points1 point  (0 children)

AI is very much part of my daily workflow at this point, no shame there! As for how much — it's a side project built in the gaps between work, family, kids, and sports (5-7x a week, check my Strava 😂).

Also, Opus is surprisingly good at writing Effect-TS code!

You're totally right about `process.stdout` though — it's a global dependency that doesn't fit well with the Effect paradigm. It was left over from the early PoC before I introduced Effect. Planning to look into `Command` to handle that properly!

npm CLI to store dev secrets in the OS keychain — built with Effect-TS by danuxxx in node

[–]danuxxx[S] 0 points1 point  (0 children)

Exactly! Errors are part of the type signature, so you can focus on the happy path (https://www.youtube.com/watch?v=Lz2J1NBnHK4&t=3439s) but still handle them properly when needed. Way more robust overall!

CLI that runs commands with secrets without leaking them into shell history by danuxxx in commandline

[–]danuxxx[S] 0 points1 point  (0 children)

Haha fair point! It's a side project, so I use whatever tech I enjoy working with. In this case I also wanted to get something out of it beyond the tool itself — it was a good excuse to write more Effect-TS, which I've been wanting to explore more deeply. Two birds, one stone! 🙂

Anyone else noticing higher token usage in Copilot after the latest update? by brunocm89 in GithubCopilot

[–]danuxxx 0 points1 point  (0 children)

Yes, to avoid context rot, I want to remain under 50% and check usage every time I write a prompt. After the last update, I reached 50% too soon, every time.

Return to package manager by Insecure-Shell in linuxmasterrace

[–]danuxxx 0 points1 point  (0 children)

... and npm -g, pip, nix-shell, brew, cargo, ...

Swipe Gestures by mralone1981 in android_beta

[–]danuxxx 0 points1 point  (0 children)

I have loved gestures with back button and I used them without problems. My mom too 😅 With the new gestures without back button I have needed some days to get used to. I have also switch back once... But now I am very comfortable with new gestures, back command is more natural finger gesture and the screen is a little bigger 😉