Motivation tl;dr: The existing tools and libraries for versioning and syncing environment files / secrets across team members and CI machines just didn’t cut it for me. So, I set out to create my own solution — one finally checks all my boxes.
So what is places-env?
(I encourage you to check the readme https://github.com/marckrenn/places-env/tree/develop?tab=rea... over on GitHub – it will all make a lot more sense with the corresponding schematic.)
- places-env is a self-contained, completely free open-source (FOSS) alternative to HashiCorp Vault, Infisical, dotenv-vault and sops.
- Leverages a single source of truth (SSOT) places.yaml for deriving multiple environment files.
- Similar to sops, places-env encrypts only the values in places.yaml, resulting in places.enc.yaml, which can be securely checked into git:
- Congrats, your SSOT is now version-controlled
- Always synchronized with collaborators
- Fully in-sync with the rest of your code, branches and tags (try doing that with Infisical & co.)
- Changes remain 'human-trackable' — even when values are encrypted
- Contrary to sops, encryption keys can be assigned either per environment or on a per-value basis
- places watch start (persistently) tracks changes in places.yaml / places.enc.yaml and automatically handles encryption, decryption, keeps .gitignore up-to-date, and auto-updates environment files. So it's essentially set and forget.
If you’re intrigued, please also check out the readme’s FAQ section https://github.com/marckrenn/places-env/tree/develop?tab=rea....
Feedback, criticism, etc. is, of course, very welcome.