Show HN: Keynest – a simple offline secrets manager (github.com)

Keynest has launched a new offline secrets manager designed to securely handle sensitive information without relying on cloud services or complex setups. This tool acts as a lightweight alternative to traditional .env files, enabling developers to manage encrypted secrets locally. Users can run commands with injected secrets as environment variables, which makes it easy to work with various applications like Docker, Node.js, and Python without exposing sensitive data in source code, logs, or prompts. The significance of Keynest lies in its focus on security and simplicity. By eliminating the need for accounts, cloud storage, and background processes, it addresses common pain points associated with existing secret management solutions such as Vault and 1Password CLI. Keynest employs robust encryption methods, including Argon2id for key derivation and XChaCha20-Poly1305 for data encryption, ensuring that secrets remain secure on the user's machine. The tool's ease of use is enhanced by commands that support key management, runtime secret injection, and simple data import/export functionality, making it a valuable addition for developers and AI researchers alike who need to safeguard sensitive credentials in their projects.