MaximoCoder

MaximoCoder / Enveil

Public

Keep secrets out of .env files. Encrypted vault with runtime injection — works locally or synced across a team via self-hosted server.

cli-tool encryption-decryption env environment--development environment-variables
12
0
100% credibility
Found Mar 07, 2026 at 12 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Go
AI Summary

Enveil stores sensitive project settings in an encrypted personal vault and injects them into running apps without ever saving them to files, with optional self-hosted sharing for teams.

How It Works

1
😩 Tired of secret leaks

You realize your important passwords and keys are at risk from shared files or chats.

2
📥 Grab Enveil

Download and set it up on your computer with a simple one-click installer.

3
🔑 Create secure storage

Pick a strong master password to lock away all your secrets in a hidden safe.

4
🔄 Move secrets inside

Pull in your old settings from files, then safely delete those risky files forever.

5
🖥️ Launch your app

Run your project and watch it work perfectly with secrets fed in safely, never touching your files.

6
Solo or team?
🙋
Just for you

Everything stays on your machine, fully private.

👥
Share with team

Set up a private hub so everyone gets the same secrets instantly without files.

Secrets protected

Now your projects run smoothly, secrets stay hidden, and your team collaborates securely.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 12 to 12 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is Enveil?

Enveil is a Go CLI tool that replaces .env files with an encrypted vault, injecting secrets directly into processes at runtime—no plaintext ever hits disk. It solves leaks from accidental git commits, Slack shares, or AI scanners reading files, using SQLCipher vaults unlocked by Argon2id password-derived keys. Run locally or sync teams via a self-hosted server where clients encrypt values client-side.

Why is it gaining traction?

Runtime injection skips temp files entirely, unlike dotenv loaders that risk exposure; daemon caches keys in memory for smooth sessions. Git pre-commit hook blocks AWS keys, Stripe tokens, or high-entropy strings before commits—bypasses common github .keep file tricks or keep this code private fails. Team sync feels instant without shared drives, echoing keep secrets quotes for paranoid devs.

Who should use this?

Solo backend devs dodging github keep asking password loops or keep fork up to date automatically mishaps that expose creds. Small teams at places like Enveil Inc or Enveil BD in Enveil Dhaka, avoiding Slack secret dumps while keeping teams active. Anyone tired of keep github codespace alive exposures or manual .env.example juggling.

Verdict

Promising for .env haters with strong docs, tests, and CLI like `enveil run npm start` or `enveil import .env`, but 12 stars and 1.0% credibility score mean it's pre-maturity—prototype locally first.

(178 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.