Show HN: enveil – hide your .env secrets from prAIng eyes (github.com)

A new project called enveil has been launched to address the security risks associated with storing sensitive information in plaintext `.env` files, which AI coding tools, like Claude Code and Copilot, can inadvertently access. Enveil eliminates the need for plaintext secrets by replacing them with symbolic references that point to encrypted values stored locally. When a project is run, secrets are dynamically injected into the environment without ever being written to disk, significantly reducing the risk of accidental exposure to AI tools or other threats. This solution is particularly significant for the AI/ML community, as it mitigates a known vulnerability in AI-assisted development environments. Enveil employs robust encryption techniques, including 256-bit AES with Argon2id for password derivation, ensuring that only users with the master password can access the secrets. Moreover, the encryption process features a random nonce for each write, enhancing security against replay attacks. With its straightforward installation and usage, developers can seamlessly integrate enveil into their projects, thereby promoting best practices for managing sensitive configuration data in an era where automated coding systems are on the rise.