[ak217]

> even the classic .env seems like a better choice in every way

That's a pretty thorough misunderstanding of the value that secrets management services provide. We can start with the idea of never storing secrets in files.

I think most companies also understand the difference between plain HTTP localhost loopback and transmitting secrets in plaintext over the network. There are many services that rely on localhost loopbacks for handling all kinds of sensitive data.

Chamber is great but generally relies on transmitting secrets via environment variables to the enclosed process and assumes that they will remain valid for the lifetime of that process. Part of the point of this tool is to provide a secrets cache with a TTL.