Now that I have your attention (“Don’t you dare version control environment files!!”, “This can’t be safe.”) and before you tear me and my project to shreds, please allow me to take a moment to celebrate something small but meaningful: I’ve finally released a thing. Thank you.
Motivation tl;dr: The existing tools and libraries for versioning and syncing environment files / secrets across team members and CI machines just didn’t cut it for me. So, I set out to create my own solution — one that finally checks all my boxes.
So what is places-env?
(I encourage you to check the readme https://github.com/marckrenn/places-env/tree/develop?tab=rea... over on GitHub – it will all make a lot more sense with the corresponding schematic.)
- places-env is a self-contained, completely free open-source (FOSS) alternative to HashiCorp Vault, Infisical, dotenv-vault and sops.
- Leverages a single source of truth (SSOT) places.yaml for deriving multiple environment files.
- Similar to sops, places-env encrypts only the values in places.yaml, resulting in places.enc.yaml, which can be securely checked into git:
  - Congrats, your SSOT is now version-controlled
  - Always synchronized with collaborators
  - Fully in-sync with the rest of your code, branches and tags (try doing that with Infisical & co.)
  - Changes remain 'human-trackable' — even when values are encrypted
- Contrary to sops, encryption keys can be assigned either per environment or on a per-value basis
- Provides a straightforward setup with no dependency on external services or libraries.
- places watch start (persistently) tracks changes in places.yaml / places.enc.yaml and automatically handles encryption, decryption, keeps .gitignore up-to-date, and auto-updates environment files. So it's essentially set and forget.
If you’re intrigued, please also check out the readme’s FAQ section https://github.com/marckrenn/places-env/tree/develop?tab=rea....
Feedback, criticism, etc. is, of course, very welcome.
If you are looking for a tool that solves some of these problems, but also provides a more complete toolkit for dealing with config, check out https://dmno.dev
It has a plugin system and while we have an encrypted file plugin that works like places-env, we also support syncing secrets from places like 1Password, Bitwarden, Infisical, with more plugins in the works (aws, gcp, azure).
Additionally it handles:
- validation and coercion
- full type-safety (currently only for TypeScript, but generated types for other languages are coming soon!)
- built-in documentation for your config
- sharing config across projects in a monorepo
- composing config any way you want, not just limited to an env switch and string templates
- manage all config, not just sensitive values
- better control of static/dynamic config (which values can be replaced at build time)
- security features (log redaction, leak prevention) for JS/TS
- drop-in integrations for many frameworks and tools
- additional tools for dealing with various platforms (vercel/netlify/cloudflare/etc) that provide pre-built schemas defining env vars they inject, and additional tooling
- flexible type system to reuse existing config type definitions that come with built-in validations, docs, etc
It's built in TypeScript, and you define your config schema in a TS file, but it is designed to be used in projects in any language, providing a unified config system for your whole stack.
Would love to hear what you think. Pop into our discord and say hi :) https://chat.dmno.dev