Skip to content
/ sealed Public

minimal CLI for storing encrypted environment variables directly in .env files.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

openRings/sealed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
cli
cli
 
 
lib
lib
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

sealed

Encrypted environment variables, without breaking your .env workflow.

sealed is a small Rust workspace that gives you:

  • a CLI to encrypt values directly in .env files (Git-friendly and diffable)
  • a tiny library to read and decrypt encrypted values from process environment

What this is

  • Encrypt only values, keep keys and file structure intact
  • One project key, no prompts, script/CI friendly
  • Safe defaults and clear error messages

When it helps

  • You want to commit .env to git but keep secrets encrypted
  • You need a minimal tool that works in shells, pipelines, and CI
  • You want a library to read encrypted env vars like std::env::var

Quick look

sealed keygen
sealed set DATABASE_PASSWORD -s -k "<base64-key>" <<<"supersecret"
sealed get DATABASE_PASSWORD -r -k "<base64-key>"

What’s inside

  • CLI (cargo-sealed): cli/README.md
    • Commands, examples, exit codes, and env file format
  • Library (sealed-env): lib/README.md
    • API docs and Rust usage examples

Format Encrypted values are stored as:

ENCv1:<base64(nonce)>:<base64(ciphertext)>

License MIT

About

minimal CLI for storing encrypted environment variables directly in .env files.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages