GreatScott

GreatScott / enveil

Public

enject: Hide .env secrets from prAIng eyes: secrets live in local encrypted stores (per project) and are injected directly into apps at runtime, never touching disk as plaintext.

404
9
100% credibility
Found Feb 24, 2026 at 305 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Rust
AI Summary

Enveil protects project secrets from AI coding tools by storing them encrypted locally and injecting them directly into running apps without plaintext on disk.

How It Works

1
🔍 Worry about AI peeking

You realize AI helpers might accidentally see private info like passwords in your project's settings file.

2
📦 Grab the secret hider

You easily add this simple protector tool to your computer to keep things safe.

3
🏠 Start in your project

In your project folder, you set up a private hiding spot and choose a strong personal password.

4
🔒 Stash your secrets

You carefully add each secret, like login details, by typing them securely without them ever appearing on screen or files.

5
📝 Use safe placeholders

You update your project's settings note to use friendly code words instead of the real secrets.

6
🚀 Run your project safely

You launch your app through the protector, whisper your password, and it slips the real secrets right to your app in memory.

Secrets stay hidden

Your project runs smoothly, AI can't see the secrets, and everything feels secure and private.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 305 to 404 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is enveil?

Enveil is a Rust CLI tool that hides .env secrets from prying eyes, targeting AI coders like Copilot or Claude that scan project dirs for plaintext leaks. It stores secrets live in a local encrypted store per project—using Argon2id and AES-256-GCM—and injects them directly into apps at runtime, never touching disk as plaintext. Your .env holds only `ev://key` refs, safe to commit; run `enveil init`, `set key`, then `enveil run -- npm start`.

Why is it gaining traction?

No external services needed, unlike 1Password integrations—it's self-contained for enveil meaning: total disk isolation. Features like `import` to templatize existing .env files, `rotate` for password changes, and hard fails on unresolved refs stand out, with exhaustive tests verifying no plaintext ever leaks. Devs dig committing "enveiled" .env templates without fear, even as AI unveils more project guts.

Who should use this?

Solo backend devs building Node, Python, or Rust apps who use AI tools daily and hate env leaks. Indie hackers in Dhaka or anywhere sharing repos openly. Teams evaluating enveil inc-style security for local dev without enterprise overhead.

Verdict

Solid for immediate use at 288 stars, stellar README/tests, and v0.1.0 stability—1.0% credibility score reflects niche youth, but crypto invariants hold up. Adopt if AI env snooping bugs you; watch for global stores.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.