Built this after a couple of “oh shit did I just push secrets?” moments.
For small projects, the existing options felt like overkill (vaults, external services, team setup), so I wanted something that:
- keeps the .env workflow intact
- doesn’t depend on any external service
- is simple enough that I’d actually use it every time
Dotlock just encrypts your .env with a passphrase so it’s safe to commit, and lets you decrypt it locally when needed.
I’m sure there are tools in this space (git-crypt, sops, etc.), so I’m curious where this feels redundant vs actually useful — especially for solo devs / small teams.
For small projects, the existing options felt like overkill (vaults, external services, team setup), so I wanted something that:
- keeps the .env workflow intact - doesn’t depend on any external service - is simple enough that I’d actually use it every time
Dotlock just encrypts your .env with a passphrase so it’s safe to commit, and lets you decrypt it locally when needed.
I’m sure there are tools in this space (git-crypt, sops, etc.), so I’m curious where this feels redundant vs actually useful — especially for solo devs / small teams.
Would love honest feedback.