I've just released a small utility tool I made in Go, to create short-lived .env files from your password manager. At the moment, it's compatible with Bitwarden and 1Password.
It's not a super fancy project, but I've been using it for a long time now, and thought others would like to use it as well.
Why did I build this?
First, for fun and to practice Go.
Second, in terms of security, I've always found it a little bit odd to have .env files lying around in the clear on our disks, especially when they contain sensitive secrets. We've seen a surge of attacks against developers with malicious npm packages exfiltrating .env files to steal credentials and crypto wallets. Although this does not protect completely, it's still better than nothing.
Finally, I once lost a .env file because of a wrong action. Since it was not under source control (for basic good practice), I had to create it all over again. Super painful.
Would love your feedback on it. Please note that it's still a work in progress and I've only tested it on mac arm64.
NOTE: The source code is not available yet as I want to clean it up and document it correctly first. Typically, I have a Provider interface currently implemented with File, Bitwarden CLI and 1Password CLI. But I want to add more implementations in order to find a good trade-off between not abstracting and abstracting too much.
NOTE 2: As stated in the README, password managers already provide solutions for this problem, but I simply didn't like how they are "too invasive" in the development workflow.
Cheers.