今日已更新 412 条资讯 | 累计 19972 条内容
关于我们

Dotsync – A zero-knowledge CLI to sync dotfiles and secrets in Go

Chauhan Pruthviraj 2026年06月26日 14:42 3 次阅读 来源:Dev.to

I spent 3 months building a tool that solves the most annoying part of working on a dev team. You know the drill: → New dev joins → "hey check your DMs" → Someone pastes the .env in Slack → That message sits there forever → 6 months later someone screenshots it by accident or worse — → git add . → git commit -m "added env" → git push → you just leaked your prod database URL to the internet I got tired of it. So I built DotSync. ─────────────────────────────────── Here's what it looks like in practice: $ dotsync push 🔒 Encrypting 10 secrets for team access... 📤 Uploading... ✅ Version : v7 Secrets : 10 keys encrypted Teammates can now run: dotsync pull That's it. New dev joins? They run dotsync pull. Secrets updated? dotsync push. Moving between your laptop and work machine? dotsync pull. ─────────────────────────────────── The part I actually care about — security: Everything is encrypted ON your machine before it hits the network. The server stores a blob it literally cannot read. I'm not asking you to trust my infrastructure. You don't have to. Stack if you're curious: • Argon2id key derivation (64MB memory cost — brute force isn't happening) • AES-256-GCM encryption • Zero-knowledge server (stores ciphertext only) • Single Go binary, no runtime deps ─────────────────────────────────── Other things it does that I use daily: dotsync diff → shows exactly which keys changed vs remote (never shows values) dotsync history → full version history, who pushed what and when dotsync rollback → restore any previous version in one command dotsync run -- node server.js → injects secrets as env vars, nothing written to disk dotsync scan → scans your codebase for accidentally committed secrets ─────────────────────────────────── Free tier covers: • 1 project • 3 team members • 7 days history That handles most small teams completely free. ─────────────────────────────────── Now the part where I need your help: I'm looking for 100 engineers to actually stress test this. Not "give i

本文内容来源于互联网,版权归原作者所有
查看原文