Node v0.1.0-alpha.8 — keychain strictly opt-in

Pre-release

@davidalmeidac davidalmeidac released this 07 May 19:49
· 84 commits to main since this release

UX hot-fix on top of alpha.7. No wire-format changes.

Why

alpha.7's keychain backend was implicit: every CLI command tried to read from the OS keychain even when the user had never opted in. On Windows that meant ~300 ms of PowerShell spawn overhead per call (×3 for the three SEALED_ENV_* names).

What changed

sealed-env keychain push now writes a small marker file .sealed-env.json at the project root:

{
  "storage": "keychain",
  "backend": "Windows DPAPI (per-user)",
  "createdAt": "..."
}

Safe to commit — no secrets, just config. Lets a team standardize on keychain across machines.

The auto-loader now checks for that marker (or SEALED_ENV_USE_KEYCHAIN=1) BEFORE loading the keychain module. Without opt-in, the keychain code path is fully bypassed.

keychain clear and pull remove the marker. keychain status reports whether the marker is present.
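The opt-in gate described above, sketched as an added example (not sealed-env's own code): the marker or SEALED_ENV_USE_KEYCHAIN=1 is checked first, and the keychain loader is only invoked afterwards. The function names, the stub loader, the requirement that "storage" equal "keychain" and the warning on unexpected keys are assumptions; the page only says the loader checks for the marker.

```javascript
// Added example; all function names are hypothetical, not sealed-env's API.
const ALLOWED_KEYS = new Set(["storage", "backend", "createdAt"]);

// Parse the committed marker text (null when the file does not exist).
// Fails closed: a missing, malformed or non-object marker never opts in.
function readMarker(text) {
  if (text == null) return { optIn: false, problems: [] };
  let doc;
  try {
    doc = JSON.parse(text);
  } catch (err) {
    return { optIn: false, problems: ["marker is not valid JSON"] };
  }
  if (doc === null || typeof doc !== "object" || Array.isArray(doc)) {
    return { optIn: false, problems: ["marker is not a JSON object"] };
  }
  // The marker is committed, so anything beyond plain config is flagged.
  const problems = Object.keys(doc)
    .filter((k) => !ALLOWED_KEYS.has(k))
    .map((k) => `unexpected key "${k}" in committed marker`);
  // Assumption: opt-in requires storage === "keychain", not mere presence.
  return { optIn: doc.storage === "keychain", problems };
}

// Check opt-in first; call the (expensive) keychain loader only afterwards.
function resolveKeychain(markerText, env, loadKeychain) {
  const marker = readMarker(markerText);
  const optedIn = env.SEALED_ENV_USE_KEYCHAIN === "1" || marker.optIn;
  return {
    optedIn,
    problems: marker.problems,
    secrets: optedIn ? loadKeychain() : null,
  };
}

// Constructed inputs: a stub loader that counts how often it is invoked.
function demo() {
  let calls = 0;
  const loader = () => { calls += 1; return { stub: true }; };
  const marker = '{"storage":"keychain","backend":"Windows DPAPI (per-user)","createdAt":"..."}';
  const none = resolveKeychain(null, {}, loader); // no marker, no env var
  const callsAfterNone = calls;
  const viaMarker = resolveKeychain(marker, {}, loader);
  const viaEnv = resolveKeychain(null, { SEALED_ENV_USE_KEYCHAIN: "1" }, loader);
  const leaky = resolveKeychain('{"storage":"file","token":"x"}', {}, loader);
  return { none, callsAfterNone, viaMarker, viaEnv, leaky, calls };
}
```

The `problems` list is the part worth wiring into a pre-commit or CI check, since the marker is only safe to commit while it carries config and nothing else.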

Measured

sealed-env doctor dropped from ~1.7 s to ~250 ms for projects that haven't opted in. Identical performance for projects that have.


Full changelog: CHANGELOG.md